Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
FW URGENT RFQ-400098211.exe

Overview

General Information

Sample name:FW URGENT RFQ-400098211.exe
Analysis ID:1436367
MD5:eb22df9e911f644327e4417b7e170727
SHA1:fc4be943bdd75bea11402dafd25eac549662adfd
SHA256:2b45e61ed11c6c785371e18c12018cc5ffbe85e5caa889b3101312f80677dd80
Tags:exeHUN
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: MSBuild connects to smtp port
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • FW URGENT RFQ-400098211.exe (PID: 5728 cmdline: "C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe" MD5: EB22DF9E911F644327E4417B7E170727)
    • InstallUtil.exe (PID: 7216 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
    • MSBuild.exe (PID: 7288 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
    • WerFault.exe (PID: 7860 cmdline: C:\Windows\system32\WerFault.exe -u -p 5728 -s 1104 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • chrome.exe (PID: 7232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%08)192207080962112986271363245700090061668218406782359533476819003707/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2392,i,10964861050037891216,14656894280507300521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "terminal4.veeblehosting.com", "Username": "appo@kailmaticarbon.com", "Password": "Ifeanyi1987@"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.2873047771.0000000003462000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000003.00000002.2873047771.000000000343E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
            Click to see the 10 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.MSBuild.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              3.2.MSBuild.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                3.2.MSBuild.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 13 entries

                      Sigma Signatures

                      Networking

                      barindex
                      Sigma detected: MSBuild connects to smtp port
                      Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 108.170.55.203, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7288, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49747

                      System Summary

                      barindex
                      Sigma detected: Silenttrinity Stager Msbuild Activity
                      Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 208.95.112.1, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7288, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49742

                      Snort Signatures

                      No Snort rule has matched

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Found malware configuration
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "terminal4.veeblehosting.com", "Username": "appo@kailmaticarbon.com", "Password": "Ifeanyi1987@"}
                      Multi AV Scanner detection for submitted file
                      Source: FW URGENT RFQ-400098211.exeReversingLabs: Detection: 37%
                      Source: FW URGENT RFQ-400098211.exeVirustotal: Detection: 30%Perma Link
                      Machine Learning detection for sample
                      Source: FW URGENT RFQ-400098211.exeJoe Sandbox ML: detected

                      Exploits

                      barindex
                      Yara detected UAC Bypass using CMSTP
                      Source: Yara matchFile source: 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: FW URGENT RFQ-400098211.exe PID: 5728, type: MEMORYSTR
                      Source: https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=enHTTP Parser: No favicon
                      Source: https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=enHTTP Parser: No favicon
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbr source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: FW URGENT RFQ-400098211.PDB source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872137618.0000003E14EF3000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: System.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: )"Ayib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Windows.Forms.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.pdb(8 source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbSys source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbtrinT source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdb0<c source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.00000236380EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Core.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: C:\Users\user\Desktop\FW URGENT RFQ-400098211.PDBl source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872137618.0000003E14EF3000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: System.Windows.Forms.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Users\user\Desktop\FW URGENT RFQ-400098211.PDBn). source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbf, S source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Core.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdbP source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: >pC:\Users\user\Desktop\FW URGENT RFQ-400098211.PDB` source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872137618.0000003E14EF3000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdbpx source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbolean)ll source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVE source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Core.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr

                      Networking

                      barindex
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, type: UNPACKEDPE
                      Source: global trafficTCP traffic: 192.168.2.4:49747 -> 108.170.55.203:587
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                      Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
                      Source: global trafficTCP traffic: 192.168.2.4:49747 -> 108.170.55.203:587
                      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                      Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
                      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.80
                      Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.80
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: www.google.com
                      Source: global trafficDNS traffic detected: DNS query: ip-api.com
                      Source: global trafficDNS traffic detected: DNS query: terminal4.veeblehosting.com
                      Source: global trafficDNS traffic detected: DNS query: apis.google.com
                      Source: global trafficDNS traffic detected: DNS query: ogs.google.com
                      Source: MSBuild.exe, 00000003.00000002.2877198135.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2877198135.0000000006740000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871576036.0000000001460000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: MSBuild.exe, 00000003.00000002.2877198135.0000000006740000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: MSBuild.exe, 00000003.00000002.2877198135.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2877198135.0000000006740000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871982802.0000000001557000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                      Source: MSBuild.exe, 00000003.00000002.2877198135.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871982802.0000000001557000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871576036.0000000001498000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
                      Source: MSBuild.exe, 00000003.00000002.2873047771.00000000033E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.00000000033E1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                      Source: MSBuild.exe, 00000003.00000002.2877198135.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2877198135.0000000006740000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871576036.0000000001460000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871982802.0000000001557000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871576036.0000000001498000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: MSBuild.exe, 00000003.00000002.2873047771.00000000033E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://terminal4.veeblehosting.com
                      Source: Amcache.hve.8.drString found in binary or memory: http://upx.sf.net
                      Source: chromecache_107.7.drString found in binary or memory: http://www.broofa.com
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: chromecache_120.7.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
                      Source: chromecache_120.7.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
                      Source: chromecache_120.7.dr, chromecache_107.7.drString found in binary or memory: https://apis.google.com
                      Source: chromecache_111.7.drString found in binary or memory: https://apis.google.com/js/api.js
                      Source: chromecache_120.7.drString found in binary or memory: https://clients6.google.com
                      Source: chromecache_120.7.drString found in binary or memory: https://content.googleapis.com
                      Source: chromecache_120.7.drString found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
                      Source: chromecache_120.7.drString found in binary or memory: https://domains.google.com/suggest/flow
                      Source: chromecache_107.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
                      Source: chromecache_107.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
                      Source: chromecache_107.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
                      Source: chromecache_107.7.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
                      Source: chromecache_121.7.drString found in binary or memory: https://ogs.google.com/
                      Source: chromecache_121.7.drString found in binary or memory: https://ogs.google.com/widget/app/so
                      Source: chromecache_106.7.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
                      Source: chromecache_120.7.drString found in binary or memory: https://plus.google.com
                      Source: chromecache_120.7.drString found in binary or memory: https://plus.googleapis.com
                      Source: MSBuild.exe, 00000003.00000002.2877198135.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871982802.0000000001557000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871576036.0000000001498000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                      Source: chromecache_121.7.drString found in binary or memory: https://ssl.gstatic.com
                      Source: chromecache_111.7.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
                      Source: chromecache_120.7.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
                      Source: chromecache_111.7.drString found in binary or memory: https://www.google.com/log?format=json&hasfast=true
                      Source: chromecache_120.7.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
                      Source: chromecache_120.7.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
                      Source: chromecache_121.7.drString found in binary or memory: https://www.gstatic.com
                      Source: chromecache_121.7.drString found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.
                      Source: chromecache_107.7.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
                      Source: chromecache_107.7.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
                      Source: chromecache_107.7.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Contains functionality to log keystrokes (.Net Source)
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, 8WWn.cs.Net Code: UpF
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, 8WWn.cs.Net Code: UpF

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Initial sample is a PE file and has a suspicious name
                      Source: initial sampleStatic PE information: Filename: FW URGENT RFQ-400098211.exe
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA272680_2_00007FFD9BA27268
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA142580_2_00007FFD9BA14258
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA1EA210_2_00007FFD9BA1EA21
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA2774B0_2_00007FFD9BA2774B
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA1FEBA0_2_00007FFD9BA1FEBA
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA1E5990_2_00007FFD9BA1E599
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA215A90_2_00007FFD9BA215A9
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA16C8C0_2_00007FFD9BA16C8C
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA22C5A0_2_00007FFD9BA22C5A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01894AC03_2_01894AC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0189CE883_2_0189CE88
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01893EA83_2_01893EA8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_018941F03_2_018941F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0189F6D03_2_0189F6D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D287C83_2_06D287C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D232D03_2_06D232D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D200403_2_06D20040
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D29C003_2_06D29C00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D2E8403_2_06D2E840
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D259B03_2_06D259B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D28F003_2_06D28F00
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D2ACA83_2_06D2ACA8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D200073_2_06D20007
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5728 -s 1104
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: No import functions for PE file found
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000000.1592013291.0000023638032000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameIpiwuvijepoyadujupoxuH vs FW URGENT RFQ-400098211.exe
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename42955ef0-2c7b-4b6e-b09e-4c0df0e3b688.exe@ vs FW URGENT RFQ-400098211.exe
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIsarilesapipaB vs FW URGENT RFQ-400098211.exe
                      Source: FW URGENT RFQ-400098211.exeBinary or memory string: OriginalFilenameIpiwuvijepoyadujupoxuH vs FW URGENT RFQ-400098211.exe
                      Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: FW URGENT RFQ-400098211.exe, -----.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, G39cBQ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, G39cBQ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, sDtvQjPGfa.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, sDtvQjPGfa.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, sDtvQjPGfa.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, sDtvQjPGfa.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, b1PPCKov2KZ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, b1PPCKov2KZ.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: FW URGENT RFQ-400098211.exe, -------.csSuspicious URL: 'https://yandex.ru/search/?text=%D0%BF%D1%80%D0%B8%D0%BC%D0%B5%D1%80'
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.00000236380EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVE
                      Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@24/38@8/7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5728
                      Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\eb6fc833-e31f-4af3-8eb1-9965d6b98dc1Jump to behavior
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: FW URGENT RFQ-400098211.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: FW URGENT RFQ-400098211.exeReversingLabs: Detection: 37%
                      Source: FW URGENT RFQ-400098211.exeVirustotal: Detection: 30%
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeFile read: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe "C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe"
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
                      Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%08)192207080962112986271363245700090061668218406782359533476819003707/
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2392,i,10964861050037891216,14656894280507300521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5728 -s 1104
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"Jump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2392,i,10964861050037891216,14656894280507300521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdbr source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: FW URGENT RFQ-400098211.PDB source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872137618.0000003E14EF3000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: System.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: )"Ayib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Windows.Forms.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Windows.Forms.pdb(8 source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbSys source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbtrinT source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdb0<c source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.00000236380EC000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Core.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: C:\Users\user\Desktop\FW URGENT RFQ-400098211.PDBl source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872137618.0000003E14EF3000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: System.Windows.Forms.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Users\user\Desktop\FW URGENT RFQ-400098211.PDBn). source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbf, S source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: System.Drawing.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Core.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: mscorlib.pdbP source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: >pC:\Users\user\Desktop\FW URGENT RFQ-400098211.PDB` source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872137618.0000003E14EF3000.00000004.00000010.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdbpx source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbolean)ll source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1872410845.0000023638156000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.ni.pdb source: WERBD0B.tmp.dmp.8.dr
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVE source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1876550874.0000023652520000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: System.Core.ni.pdbRSDS source: WERBD0B.tmp.dmp.8.dr
                      Source: FW URGENT RFQ-400098211.exeStatic PE information: 0x8E923614 [Wed Oct 18 13:39:32 2045 UTC]
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA25996 push ebp; retf 0_2_00007FFD9BA259D8
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA100BD pushad ; iretd 0_2_00007FFD9BA100C1
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA1BD90 push ebp; retf 0_2_00007FFD9BA259D8
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA25570 push edx; iretd 0_2_00007FFD9BA255DB
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BA25555 push edx; iretd 0_2_00007FFD9BA255DB
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeCode function: 0_2_00007FFD9BAF026B push esp; retf 4810h0_2_00007FFD9BAF0312
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06D2B9D0 push eax; ret 3_2_06D2B9DD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_072C27CD push dword ptr [ecx+ecx-75h]; iretd 3_2_072C27D3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_072C11B3 push es; ret 3_2_072C11C0
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: FW URGENT RFQ-400098211.exe PID: 5728, type: MEMORYSTR
                      Check if machine is in data center or colocation facility
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmp, FW URGENT RFQ-400098211.exe, 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory allocated: 23638350000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory allocated: 23651DF0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1890000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 33E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 3160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 572Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 2856Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -11068046444225724s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -100000s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8292Thread sleep count: 572 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -99878s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8292Thread sleep count: 2856 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -99746s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -99639s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -99530s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -99367s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -98229s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -98071s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97847s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97717s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97601s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97492s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97383s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97274s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97165s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -97062s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -96952s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -96843s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -96733s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -96622s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 8280Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeLast function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 100000Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99878Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99746Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99639Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99530Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 99367Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98229Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 98071Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97847Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97717Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97601Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97492Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97383Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97274Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97165Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 97062Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96952Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96843Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96733Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 96622Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: Amcache.hve.8.drBinary or memory string: VMware
                      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin
                      Source: Amcache.hve.8.drBinary or memory string: VMware, Inc.
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Amcache.hve.8.drBinary or memory string: VMware20,1hbin@
                      Source: Amcache.hve.8.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                      Source: Amcache.hve.8.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: Amcache.hve.8.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.8.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: Amcache.hve.8.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                      Source: Amcache.hve.8.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                      Source: Amcache.hve.8.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                      Source: MSBuild.exe, 00000003.00000002.2877198135.0000000006740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Amcache.hve.8.drBinary or memory string: vmci.sys
                      Source: Amcache.hve.8.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                      Source: Amcache.hve.8.drBinary or memory string: vmci.syshbin`
                      Source: MSBuild.exe, 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                      Source: Amcache.hve.8.drBinary or memory string: \driver\vmci,\driver\pci
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: Amcache.hve.8.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                      Source: Amcache.hve.8.drBinary or memory string: VMware20,1
                      Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.8.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.8.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.8.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.8.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                      Source: Amcache.hve.8.drBinary or memory string: VMware PCI VMCI Bus Device
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: FW URGENT RFQ-400098211.exe, 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: Amcache.hve.8.drBinary or memory string: VMware VMCI Bus Device
                      Source: Amcache.hve.8.drBinary or memory string: VMware Virtual RAM
                      Source: Amcache.hve.8.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: MSBuild.exe, 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBox
                      Source: Amcache.hve.8.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      barindex
                      Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_018970B0 CheckRemoteDebuggerPresent,3_2_018970B0
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      .NET source code references suspicious native API functions
                      Source: FW URGENT RFQ-400098211.exe, -----.csReference to suspicious API methods: GetProcAddress(_322E_31DD_31D6_31E8_31DA_319D, _3196_320A_A9B5_321D(_A9B9_319B))
                      Source: FW URGENT RFQ-400098211.exe, -----.csReference to suspicious API methods: VirtualProtect(procAddress, (uint)_319F_31CC_31C2_3211_A9BD_31E7_3205.Length, 64u, out var _31D9_A9B7_322A)
                      Source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, uRcQkDeJoO4.csReference to suspicious API methods: zHSk.OpenProcess(C6Nh1Wz8.DuplicateHandle, bInheritHandle: true, (uint)_4aIajlwkXEt2.ProcessID)
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 43E000Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 440000Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 1235008Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeQueries volume information: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\FW URGENT RFQ-400098211.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: Amcache.hve.8.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: Amcache.hve.8.drBinary or memory string: MsMpEng.exe

                      Stealing of Sensitive Information

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.2873047771.0000000003462000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2873047771.000000000343E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2873047771.0000000003412000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: FW URGENT RFQ-400098211.exe PID: 5728, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 7288, type: MEMORYSTR
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2873047771.0000000003412000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: FW URGENT RFQ-400098211.exe PID: 5728, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 7288, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected AgentTesla
                      Source: Yara matchFile source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e79740.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.FW URGENT RFQ-400098211.exe.23649e3dcf8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.2873047771.0000000003462000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2873047771.000000000343E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2873047771.0000000003412000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: FW URGENT RFQ-400098211.exe PID: 5728, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 7288, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		2
                      OS Credential Dumping                      		1
                      File and Directory Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Ingress Tool Transfer                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Native API                      		Boot or Logon Initialization Scripts311
                      Process Injection                      		1
                      Deobfuscate/Decode Files or Information                      		1
                      Input Capture                      		24
                      System Information Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		11
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                      Obfuscated Files or Information                      		1
                      Credentials in Registry                      		431
                      Security Software Discovery                      		SMB/Windows Admin Shares1
                      Email Collection                      		1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                      Timestomp                      		NTDS1
                      Process Discovery                      		Distributed Component Object Model1
                      Input Capture                      		2
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      DLL Side-Loading                      		LSA Secrets151
                      Virtualization/Sandbox Evasion                      		SSHKeylogging13
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts151
                      Virtualization/Sandbox Evasion                      		Cached Domain Credentials1
                      Application Window Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items311
                      Process Injection                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1436367 Sample: FW URGENT RFQ-400098211.exe Startdate: 04/05/2024 Architecture: WINDOWS Score: 100 23 terminal4.veeblehosting.com 2->23 25 ip-api.com 2->25 27 3 other IPs or domains 2->27 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 11 other signatures 2->49 7 FW URGENT RFQ-400098211.exe 2 2->7         started        10 chrome.exe 1 2->10         started        signatures3 process4 dnsIp5 51 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 7->51 53 Writes to foreign memory regions 7->53 55 Allocates memory in foreign processes 7->55 57 Injects a PE file into a foreign processes 7->57 13 MSBuild.exe 15 2 7->13         started        17 WerFault.exe 19 16 7->17         started        19 InstallUtil.exe 7->19         started        29 192.168.2.4, 138, 443, 49723 unknown unknown 10->29 31 239.255.255.250 unknown Reserved 10->31 21 chrome.exe 10->21         started        signatures6 process7 dnsIp8 33 ip-api.com 208.95.112.1, 49742, 80 TUT-ASUS United States 13->33 35 terminal4.veeblehosting.com 108.170.55.203, 49747, 587 SSASN2US United States 13->35 59 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 13->59 61 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 13->61 63 Tries to steal Mail credentials (via file / registry access) 13->63 65 3 other signatures 13->65 37 www.google.com 142.250.68.4, 443, 49731, 49732 GOOGLEUS United States 21->37 39 www3.l.google.com 142.250.72.142, 443, 49768 GOOGLEUS United States 21->39 41 3 other IPs or domains 21->41 signatures9

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      FW URGENT RFQ-400098211.exe38%ReversingLabsByteCode-MSIL.Trojan.Generic
                      FW URGENT RFQ-400098211.exe30%VirustotalBrowse
                      FW URGENT RFQ-400098211.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      bg.microsoft.map.fastly.net0%VirustotalBrowse
                      fp2e7a.wpc.phicdn.net0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      http://www.broofa.com0%URL Reputationsafe
                      https://csp.withgoogle.com/csp/lcreport/0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      bg.microsoft.map.fastly.net
                      		199.232.210.172
                      		truefalseunknown
                      plus.l.google.com
                      		172.217.12.142
                      		truefalse
                        		high
                        www3.l.google.com
                        		142.250.72.142
                        		truefalse
                          		high
                          www.google.com
                          		142.250.68.4
                          		truefalse
                            		high
                            ip-api.com
                            		208.95.112.1
                            		truefalse
                              		high
                              terminal4.veeblehosting.com
                              		108.170.55.203
                              		truefalse
                                		high
                                fp2e7a.wpc.phicdn.net
                                		192.229.211.108
                                		truefalseunknown
                                ogs.google.com
                                		unknown
                                		unknownfalse
                                  		high
                                  apis.google.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    https://www.google.com/async/newtab_promosfalse
                                      		high
                                      https://www.google.com/async/ddljson?async=ntp:2false
                                        		high
                                        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                          		high
                                          https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=enfalse
                                            		high
                                            https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0false
                                              		high
                                              https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0false
                                                		high
                                                http://ip-api.com/line/?fields=hostingfalse
                                                  		high

                                                  URLs from Memory and Binaries

                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  https://ogs.google.com/chromecache_121.7.drfalse
                                                    		high
                                                    http://terminal4.veeblehosting.comMSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://sectigo.com/CPS0MSBuild.exe, 00000003.00000002.2877198135.00000000067C4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871982802.0000000001557000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2873047771.0000000003444000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871576036.0000000001498000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.broofa.comchromecache_107.7.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://account.dyn.com/FW URGENT RFQ-400098211.exe, 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://apis.google.com/js/api.jschromecache_111.7.drfalse
                                                          		high
                                                          https://www.google.com/log?format=json&hasfast=truechromecache_111.7.drfalse
                                                            		high
                                                            http://upx.sf.netAmcache.hve.8.drfalse
                                                              		high
                                                              https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1chromecache_120.7.drfalse
                                                                		high
                                                                https://plus.google.comchromecache_120.7.drfalse
                                                                  		high
                                                                  https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=chromecache_111.7.drfalse
                                                                    		high
                                                                    https://play.google.com/log?format=json&hasfast=truechromecache_106.7.drfalse
                                                                      		high
                                                                      https://csp.withgoogle.com/csp/lcreport/chromecache_120.7.drfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://ip-api.comMSBuild.exe, 00000003.00000002.2873047771.00000000033E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://apis.google.comchromecache_120.7.dr, chromecache_107.7.drfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameMSBuild.exe, 00000003.00000002.2873047771.00000000033E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://ogs.google.com/widget/app/sochromecache_121.7.drfalse
                                                                              		high
                                                                              https://domains.google.com/suggest/flowchromecache_120.7.drfalse
                                                                                		high
                                                                                https://clients6.google.comchromecache_120.7.drfalse
                                                                                  		high

                                                                                  World Map of Contacted IPs

                                                                                  • No. of IPs < 25%
                                                                                  • 25% < No. of IPs < 50%
                                                                                  • 50% < No. of IPs < 75%
                                                                                  • 75% < No. of IPs

                                                                                  Public IPs

                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                  142.250.68.4
                                                                                  		www.google.comUnited States
                                                                                  		15169GOOGLEUSfalse
                                                                                  108.170.55.203
                                                                                  		terminal4.veeblehosting.comUnited States
                                                                                  		20454SSASN2USfalse
                                                                                  208.95.112.1
                                                                                  		ip-api.comUnited States
                                                                                  		53334TUT-ASUSfalse
                                                                                  172.217.12.142
                                                                                  		plus.l.google.comUnited States
                                                                                  		15169GOOGLEUSfalse
                                                                                  239.255.255.250
                                                                                  		unknownReserved
                                                                                  		unknownunknownfalse
                                                                                  142.250.72.142
                                                                                  		www3.l.google.comUnited States
                                                                                  		15169GOOGLEUSfalse

                                                                                  Private

                                                                                  IP
                                                                                  192.168.2.4

                                                                                  General Information

                                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                                  Analysis ID:1436367
                                                                                  Start date and time:2024-05-04 20:22:04 +02:00
                                                                                  Joe Sandbox product:CloudBasic
                                                                                  Overall analysis duration:0h 5m 29s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                  Number of analysed new started processes analysed:17
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:0
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Sample name:FW URGENT RFQ-400098211.exe
                                                                                  Detection:MAL
                                                                                  Classification:mal100.spre.troj.spyw.expl.evad.winEXE@24/38@8/7
                                                                                  EGA Information:
                                                                                  • Successful, ratio: 100%
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 92%
                                                                                  • Number of executed functions: 62
                                                                                  • Number of non-executed functions: 6
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .exe

                                                                                  Warnings

                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, svchost.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 142.250.188.227, 142.250.72.174, 142.250.141.84, 34.104.35.123, 172.217.12.131, 20.190.190.194, 20.190.190.129, 40.126.62.132, 40.126.62.131, 20.190.190.195, 40.126.62.130, 40.126.62.129, 20.190.190.131, 199.232.210.172, 192.229.211.108, 72.247.100.147, 52.165.165.26, 20.242.39.171, 20.189.173.20, 13.85.23.206, 52.168.117.173, 142.250.189.3, 20.42.73.29, 13.89.179.12, 142.250.217.142, 142.250.176.3, 20.42.65.92
                                                                                  • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ssl.gstatic.com, slscr.update.microsoft.com, clientservices.googleapis.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, sls.update.microsoft.com, update.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, fonts.gstatic.com, www.tm.v4.a.prd.aadg.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.micr
                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                  Simulations

                                                                                  Behavior and APIs

                                                                                  TimeTypeDescription
                                                                                  20:22:56API Interceptor20x Sleep call for process: MSBuild.exe modified
                                                                                  20:23:13API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  208.95.112.10KRPn.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  2AylrL13DwoqmCT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  DHL_VTER000105453.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  43643456.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  DHL_VTER000105450.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  DHL Receipt_AWB 9899691321..exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  Sipari#U015f.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  Dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • ip-api.com/line/?fields=hosting
                                                                                  http://www.open-sora.orgGet hashmaliciousExela Stealer, Growtopia, Python StealerBrowse
                                                                                  • ip-api.com/json
                                                                                  108.170.55.203NEW ORDER QUOTATION REQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    1afdvZZJ9U.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      4Red82RLic.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        QUOTATION.xlsGet hashmaliciousAgentTeslaBrowse
                                                                                          239.255.255.250http://www.cgbv.gorifhraou.com/Get hashmaliciousUnknownBrowse
                                                                                            OgcktrbHkI.exeGet hashmaliciousTofseeBrowse
                                                                                              SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.18101.30858.exeGet hashmaliciousUnknownBrowse
                                                                                                mBW2MzlcHN.exeGet hashmaliciousLockBit ransomware, PureLog StealerBrowse
                                                                                                  0e46.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                    Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                      Dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                        #U00d6deme tavsiyesi.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          E7236252-receipt.vbsGet hashmaliciousXWormBrowse
                                                                                                            4365078236450.LnK.lnkGet hashmaliciousUnknownBrowse

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              fp2e7a.wpc.phicdn.nethttp://www.cgbv.gorifhraou.com/Get hashmaliciousUnknownBrowse
                                                                                                              • 192.229.211.108
                                                                                                              VxN9LYUV1f.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                              • 192.229.211.108
                                                                                                              ALnIyAYT8g.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                              • 192.229.211.108
                                                                                                              K7jrWeA2ym.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                              • 192.229.211.108
                                                                                                              xoRN6fxApwT8Kin.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 192.229.211.108
                                                                                                              HAhJORNtiOFCEGH.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 192.229.211.108
                                                                                                              43643456.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 192.229.211.108
                                                                                                              Hesaphareketi-01.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 192.229.211.108
                                                                                                              LFfjUMuUFU.exeGet hashmaliciousAsyncRAT, PureLog Stealer, XWormBrowse
                                                                                                              • 192.229.211.108
                                                                                                              https://lestore.lenovo.com/detail/L109130Get hashmaliciousUnknownBrowse
                                                                                                              • 192.229.211.108
                                                                                                              terminal4.veeblehosting.comORDEN DEL PROYECTO.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              J728NYumpJ.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              rInquiry.exeGet hashmaliciousAgentTesla, Discord Token StealerBrowse
                                                                                                              • 108.170.55.202
                                                                                                              NEW ORDER QUOTATION REQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.203
                                                                                                              NEW QUOTATION FOR ORDER.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              ENQUIRY FOR QUOTATION.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              SecuriteInfo.com.Win64.MalwareX-gen.15169.25783.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.203
                                                                                                              1afdvZZJ9U.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.203
                                                                                                              4Red82RLic.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.203
                                                                                                              QUOTATION.xlsGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.203
                                                                                                              ip-api.com0KRPn.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 208.95.112.1
                                                                                                              2AylrL13DwoqmCT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              DHL_VTER000105453.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              43643456.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 208.95.112.1
                                                                                                              DHL_VTER000105450.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              DHL Receipt_AWB 9899691321..exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Sipari#U015f.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              http://www.open-sora.orgGet hashmaliciousExela Stealer, Growtopia, Python StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              bg.microsoft.map.fastly.netK7jrWeA2ym.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                              • 199.232.210.172
                                                                                                              HAhJORNtiOFCEGH.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 199.232.210.172
                                                                                                              eiQXaKJ75nCjEWn.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 199.232.210.172
                                                                                                              Zahlungsbeleg 202405029058.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                              • 199.232.214.172
                                                                                                              Arrival Notice.pdf.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                              • 199.232.210.172
                                                                                                              Hesaphareketi-01.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 199.232.210.172
                                                                                                              invoice PDF -2024.gz.vbsGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.214.172
                                                                                                              Pedido-Faturado-398731.msiGet hashmaliciousUnknownBrowse
                                                                                                              • 199.232.214.172
                                                                                                              LFfjUMuUFU.exeGet hashmaliciousAsyncRAT, PureLog Stealer, XWormBrowse
                                                                                                              • 199.232.210.172
                                                                                                              https://www.67rwzb.cn/Get hashmaliciousUnknownBrowse
                                                                                                              • 199.232.214.172

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              SSASN2USORDEN DEL PROYECTO.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              J728NYumpJ.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              t7bAVQ2wpF.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 108.170.53.155
                                                                                                              https://147.45.47.87Get hashmaliciousUnknownBrowse
                                                                                                              • 209.188.14.135
                                                                                                              mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 198.15.97.137
                                                                                                              rInquiry.exeGet hashmaliciousAgentTesla, Discord Token StealerBrowse
                                                                                                              • 108.170.55.202
                                                                                                              NEW ORDER QUOTATION REQUEST.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.203
                                                                                                              ry3HbSIIPt.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 209.188.7.212
                                                                                                              I9DNQsrT8I.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                              • 192.198.194.137
                                                                                                              NEW QUOTATION FOR ORDER.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 108.170.55.202
                                                                                                              TUT-ASUS0KRPn.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 208.95.112.1
                                                                                                              2AylrL13DwoqmCT.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              DHL_VTER000105453.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              43643456.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 208.95.112.1
                                                                                                              DHL_VTER000105450.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              DHL Receipt_AWB 9899691321..exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Sipari#U015f.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                              • 208.95.112.1
                                                                                                              Dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              • 208.95.112.1
                                                                                                              http://www.open-sora.orgGet hashmaliciousExela Stealer, Growtopia, Python StealerBrowse
                                                                                                              • 208.95.112.1

                                                                                                              JA3 Fingerprints

                                                                                                              No context

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_FW URGENT RFQ-40_7b4ba10a7e256748f6f118029da9b3f3baca43_b2e69f44_3f478f6a-47e9-4ca9-9e2c-ed1dc2481a54\Report.wer

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):65536
                                                                                                              Entropy (8bit):1.0600646971046248
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:MpGoE7lg+i0eVh3aWBei+uzuiF9Z24lO8i3g:WGoClgYeVh3amEuzuiF9Y4lO8i3
                                                                                                              MD5:D2BFB188D8E3FE3188D26106898B9897
                                                                                                              SHA1:BDC62CF63DD16B56181CFB3EF6E95925E276867F
                                                                                                              SHA-256:3657C50002DC45FA9932F31CB9591925CA9850192888189986E5141BAE6F7929
                                                                                                              SHA-512:FF60A26DF2D64DB55D446BB1152472A820A0654FDB5CD4F8E50F146BB97F5EFFCB01BA6E4A75F15A519C24B12923628669F3CF8330C250D4BC615B0B569EAF9E
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.9.3.2.0.5.7.3.2.6.7.6.2.2.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.9.3.2.0.5.7.6.0.0.3.0.7.5.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.f.4.7.8.f.6.a.-.4.7.e.9.-.4.c.a.9.-.9.e.2.c.-.e.d.1.d.c.2.4.8.1.a.5.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.2.d.a.5.d.8.f.-.c.9.c.4.-.4.4.7.3.-.b.1.e.b.-.1.8.6.5.f.f.a.7.3.4.9.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.F.W. .U.R.G.E.N.T. .R.F.Q.-.4.0.0.0.9.8.2.1.1...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.I.p.i.w.u.v.i.j.e.p.o.y.a.d.u.j.u.p.o.x.u.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.6.0.-.0.0.0.1.-.0.0.1.4.-.f.9.d.0.-.2.c.1.0.5.0.9.e.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.3.9.3.7.d.7.d.8.e.b.0.4.8.f.b.2.8.5.3.c.2.8.4.1.3.0.a.9.b.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.f.c.4.b.e.9.4.3.b.d.d.7.5.b.e.a.1.1.4.0.2.d.a.f.d.2.5.e.a.c.

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD0B.tmp.dmp

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                              File Type:Mini DuMP crash report, 16 streams, Sat May 4 18:22:55 2024, 0x1205a4 type
                                                                                                              Category:dropped
                                                                                                              Size (bytes):454379
                                                                                                              Entropy (8bit):3.412903267066276
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:vkz0pfXgV6bDu+cyWs4fvjwPHTbjEXr6bJ2DcSfSnleR/s5FTyLBQ71CCq3lVCpA:s6X04Du+brCM2XKSs2LGzq4A3Q
                                                                                                              MD5:11821CC6265A856589D2B6C9E52F5264
                                                                                                              SHA1:FF8DCB6509E09B4CAE0E30D9D69B3AD9176C2594
                                                                                                              SHA-256:EC036A0D02BE633E194A5E8543824AC4A2893B23182273C5EA903777A84D2A0A
                                                                                                              SHA-512:8A4392DAF3C4C85E2D96BB5F2B647D25667368A5DDAA82F36773AB4048E3BC7E63A23619652BB0019D028E23170EE048AE89186BA87D63A3BE07414F7285A17E
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:MDMP..a..... ........|6f............................4.......$...........\...0........S...|..........l.......8...........T............+..k............9..........x;..............................................................................eJ.......<......Lw......................T.......`....|6f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERC113.tmp.WERInternalMetadata.xml

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):8688
                                                                                                              Entropy (8bit):3.7097608947459677
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:192:R6l7wVeJgegP6Y92VeRgmfZ7Mpr889bOCTf56m:R6lXJRy6YsVeRgmf1IOOfV
                                                                                                              MD5:CC225539B8BDC48F9EA1562A518314FC
                                                                                                              SHA1:5873DA670E86A4CD7FAA9337DFDD9EE31478AB02
                                                                                                              SHA-256:5B5C5C845C86C00020CB19819E059FD9A590AEA82A3CF3B495592C6E9F6C123B
                                                                                                              SHA-512:28B2A500C0F1C04157C7973653D31DD1E6BBE81D423C1261EF3D31A8F5B2F891DA8E41E0EDEE58CF97278EFB19D65226178462A7AE0B8A5C21938CC978C6FBC9
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.7.2.8.<./.P.i.

                                                                                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERC153.tmp.xml

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):4893
                                                                                                              Entropy (8bit):4.554438901647365
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:cvIwWl8zsSQJg771I92JWpW8VYdYm8M4J5E6F8Eyq8vaEDnEHwpgd:uIjfjI7947VpJqCWDDnwwpgd
                                                                                                              MD5:FAC515654330C9ED14CBB65B5BD673CE
                                                                                                              SHA1:81781258CA2FF7FB1FAFA938A88FF9CFDE93A939
                                                                                                              SHA-256:C0663C54F479D47FFB9C12AE25B1BF8E4568FE3F291D4D6310C9D89C08B837BE
                                                                                                              SHA-512:E099FA47DE70E35CF749AF40680D5D988F3E6C43DFB31351AC0F70953D170B2E6582BF8BA8FC7E8424E5F051A171AAD85060B7C3381CFA827881E0DD593B8AA8
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="308725" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                              C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                              Download File
                                                                                                              Process:C:\Windows\System32\WerFault.exe
                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1835008
                                                                                                              Entropy (8bit):4.466156729550912
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:6144:iIXfpi67eLPU9skLmb0b4mWSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSb+:HXD94mWlLZMM6YFHl++
                                                                                                              MD5:A8CDC0657DDE0F727ADB7E6BA21C6E10
                                                                                                              SHA1:0D6DB5DA8EC2E34D108BDEEF7E381148F3F94F66
                                                                                                              SHA-256:AB4E2A9E0CABA87FB968D8A9B011F4ACA020AEBE8A054D8183A107734FDCC120
                                                                                                              SHA-512:FF58AAD5FD38369AEDDBB0366BADEFA00E3E95F2F2D880A3B1C369E9E398A90C1F8FBE96F6E0C47301DC2B4A10B5B1BA32720D9973F1A53462671FB18EB928F5
                                                                                                              Malicious:false
                                                                                                              Reputation:low
                                                                                                              Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....P...............................................................................................................................................................................................................................................................................................................................................@..'........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                              Chrome Cache Entry: 106

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (1657)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):264743
                                                                                                              Entropy (8bit):5.479126042995795
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:XdPMHc2NQzfk5eINolYDt6QYGfOvNoK42TCboc:yNQz4NolQwQz2lVZmboc
                                                                                                              MD5:951F5CB1728D3C62E6006801A61D2BE3
                                                                                                              SHA1:3B9B0CD9203226263F8E32B336ADC5532E54A308
                                                                                                              SHA-256:A50889187D77C8E3E0439A0D5C155159EAA7A3DBEC35111D7131EC88C0A228F7
                                                                                                              SHA-512:E030EBF4A1683F176C1873DAD0B717D307253CC0EA1D40BF39F22E3B95C71FCD58907A6B1DFE9F9740FBE1303C59DF1FE70E4B102BFA86269EC49AAA29664FB8
                                                                                                              Malicious:false
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              URL:"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=_b,_tp/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,mI3LFb,aDfbSd,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,wmnU7d,xQtZb,JNoxi,kWgXee,MI6k7c,kjKdXe,BVgquf,QIhFr,ovKuLd,hKSk3e,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,MdUzUe,VwDzFe,zbML3c,A7fCU,zr1jrb,Uas9Hd,pjICDe"
                                                                                                              Preview:"use strict";_F_installCss(".KL4X6e{background:#eee;bottom:0;left:0;opacity:0;position:absolute;right:0;top:0}.TuA45b{opacity:.8}sentinel{}");.this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi||{};(function(_){var window=this;.try{.var Ky;_.Cy=function(a,b,c,d,e,f,g){a=a.ua;var h=(0,_.Wc)(a);_.lc(h);b=_.rd(a,h,c,b,2,f,!0);c=null!=d?d:new c;if(g&&("number"!==typeof e||0>e||e>b.length))throw Error();void 0!=e?b.splice(e,g,c):b.push(c);(0,_.jc)(c.ua)&2?(0,_.gk)(b,8):(0,_.gk)(b,16)};_.Qr.prototype.Mb=_.ca(28,function(){if(0<this.ub.length){var a=this.ub[0];if("textContent"in a)return(0,_.Eh)(a.textContent);if("innerText"in a)return(0,_.Eh)(a.innerText)}return""});._.Qr.prototype.kc=_.ca(27,function(){return 0==this.ub.length?null:new _.M(this.ub[0])});_.M.prototype.kc=_.ca(26,function(){return this});_.Qr.prototype.Ka=_.ca(25,function(){return this.ub.length?this.ub[0]:null});_.M.prototype.Ka=_.ca(24,function(){return this.ub[0]});_.Dy=function(a,b,c){if(!b&&!c)return null;var

                                                                                                              Chrome Cache Entry: 107

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (2294)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):163286
                                                                                                              Entropy (8bit):5.544045381504343
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:CMiFOP4roKgkk/EFZMQbxjZW1BKo6JMI6l0nt8Uv1ziwtXOmDsY+WwYLF/HrY7+A:CMiroKfbMQbxjZW1BKo6JMI6l0nt8Uvq
                                                                                                              MD5:9D9987F6E83F101A097A0BD64A14C71B
                                                                                                              SHA1:E71E10897E0E874DE4D12125D5DF2F7FCE08F585
                                                                                                              SHA-256:D0975FC00A61201A54714BE8DF5E50F02B277E133BA08ABD9DEEA33934FA28A9
                                                                                                              SHA-512:5AE557145F0E0FF3E768AFC63B3E4855F53DCA49D46A22ACB169CC6DC58FF2B11C776B419141EB12C8B0CF7BBD16E928F9EE5AF5014DD976130B00A1995B325E
                                                                                                              Malicious:false
                                                                                                              Reputation:moderate, very likely benign file
                                                                                                              URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Ics7SFQVxbg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTtpRznzVJk75Y4TcT-zpGGUjebtAg"
                                                                                                              Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.cj=function(a,b,c){return c?a|b:a&~b};_.dj=function(a,b,c,d){a=_.jb(a,b,c,d);return Array.isArray(a)?a:_.kc};_.ej=function(a,b){a=_.cj(a,2,!!(2&b));a=_.cj(a,32,!0);return a=_.cj(a,2048,!1)};_.fj=function(a,b){0===a&&(a=_.ej(a,b));return a=_.cj(a,1,!0)};_.gj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.hj=function(a,b,c){32&b&&c||(a=_.cj(a,32,!1));return a};._.ij=function(a,b,c,d,e,f){var g=!!(2&b),h=g?1:2;const k=1===h;h=2===h;e=!!e;f&&(f=!g);g=_.dj(a,b,d);var l=g[_.v]|0;const n=!!(4&l);if(!n){l=_.fj(l,b);var p=g,t=b,r;(r=!!(2&l))&&(t=_.cj(t,2,!0));let B=!r,aa=!0,K=0,F=0;for(;K<p.length;K++){const ba=_.Ua(p[K],c,t);if(ba instanceof c){if(!r){const Ca=!!((ba.ka[_.v]|0)&2);B&&(B=!Ca);aa&&(aa=Ca)}p[F++]=ba}}F<K&&(p.length=F);l=_.cj(l,4,!0);l=_.cj(l,16,aa);l=_.cj(l,8,B);_.ya(p,l);r&&Object.freeze(p)}c=!!(8&l)||k&&!g.length;if(f&&!c){_.gj(l)&&(g=_.xa(g),.l=_.ej(l,b),b=_.ib(a,b,d,g));f=g;c=l;for(p=0;p<f.length;p++)l=f[p],t=_

                                                                                                              Chrome Cache Entry: 108

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (4252)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):4257
                                                                                                              Entropy (8bit):5.8265994727502495
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:a23EnliEIN6666VRwTGu/tE6ZgnkmIMfGeN/eN8hMgnd9z9KfffQfo:+lwN6666VSj/tE61mIMfGeN/A8H9R0
                                                                                                              MD5:E48EB32F54F5439D1670AB9935CE7D1B
                                                                                                              SHA1:6CBD44658228E8591002AEBEC0D311089C199489
                                                                                                              SHA-256:08BEA4D7DF9EEF190534B3C46E7D6C391D43C7943C854AEB3766F29B6252AC1A
                                                                                                              SHA-512:5A6BAA9858AE1E2C869BBF20AAAB02B1CB7461D81E07F2A33DCA5F551FDA4ED7563C47896274C4E0C53854D076169BDF203794E1B9FD7315E9B776658D7EACC4
                                                                                                              Malicious:false
                                                                                                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                              Preview:)]}'.["",["lucha libre loot rewards monopoly go","pittsburgh steelers news","national nurses week discounts","apex legends split 1 playoffs schedule","jerry seinfeld movie unfrosted","spring hill high school senior prank","mini crossword clues","stock market futures"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXMzODN3Ml9uEhdVbmZyb3N0ZWQg4oCUIDIwMjQgZmlsbTLXEmRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWFBQUFDQXdFQkFBQUFBQUFBQUFBQUFBQUZCZ0lFQndNQi84UUFOQkFBQVFNREFnVUJCUWNGQVFBQUFBQUFBUUlEQkFVU

                                                                                                              Chrome Cache Entry: 109

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (2956)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):18834
                                                                                                              Entropy (8bit):5.407489764960331
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:aRFPTuu4q5oOTm1j8B0K5WXv/8bU2wnO/mgzI4QSIZ0n9vDBTTY0TXCnh/9Clf9c:a/Tuu4q5oOTLB0K5WXv/8bU2wnO/mgze
                                                                                                              MD5:676CD2F5702D832A1E3E2F08257FEB37
                                                                                                              SHA1:1019B84107A8F84A77A651BDCBE0A7F425DE3661
                                                                                                              SHA-256:F58B6E0D4393A8BB15423EC49867875FB38EB820E0A7D13A7E80F4DCE7EB342E
                                                                                                              SHA-512:FF43FA6A37CE55F660052AE71F9301064638BC6D14F0DE8161E3E4E9C66D7CC5BE72D752540031BFF801228F905DDBA515DFAE15DFC6AAAC0654691C2A0AE365
                                                                                                              Malicious:false
                                                                                                              URL:"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd"
                                                                                                              Preview:"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi||{};(function(_){var window=this;.try{._.q("RqjULd");.var sha=function(a){if(_.n&&_.n.performance&&_.n.performance.memory){var b=_.n.performance.memory;if(b){var c=new cF;isNaN(b.jsHeapSizeLimit)||_.ae(c,1,_.Ec(Math.round(b.jsHeapSizeLimit).toString()));isNaN(b.totalJSHeapSize)||_.ae(c,2,_.Ec(Math.round(b.totalJSHeapSize).toString()));isNaN(b.usedJSHeapSize)||_.ae(c,3,_.Ec(Math.round(b.usedJSHeapSize).toString()));_.sk(a,cF,1,c)}}},tha=function(a){if(dF()){var b=performance.getEntriesByType("navigation");if(b&&b.length){var c=new eF;if(b=b[0]){switch(b.type){case "navigate":c.tg(1);.break;case "reload":c.tg(2);break;case "back_forward":c.tg(3);break;case "prerender":c.tg(4);break;default:c.tg(0)}var d=_.Gk(c,2,Math.round(b.startTime));d=_.Gk(d,3,Math.round(b.fetchStart));d=_.Gk(d,4,Math.round(b.domainLookupStart));d=_.Gk(d,5,Math.round(b.domainLookupEnd));d=_.Gk(d,6,Math.round(b.connectStart));d=_.Gk(d,7,Math.ro

                                                                                                              Chrome Cache Entry: 110

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:PNG image data, 106 x 5210, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):137432
                                                                                                              Entropy (8bit):7.981759932974614
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:SWkkEsWBwvkw/2i4fhpATVmE6383x4L6EWL3UQ7lE7sPE:SVAwwswerUv3S4nhdPE
                                                                                                              MD5:387ED93F42803B1EC6697E3B57FBCEF0
                                                                                                              SHA1:2EA8A5BFBF99144BD0EBAEBE60AC35406A8B613E
                                                                                                              SHA-256:982AAC952E2C938BD55550D0409ECE5F4430D38F370161D8318678FA25316587
                                                                                                              SHA-512:7C90F69A53E49BAD03C4CEFD9868B4C4BA145E5738218E8C445FF6AE5347153E3A2F2B918CBE184B0366AFD53B984634D2894FEA6F31A4603E58CCB6BFA5C625
                                                                                                              Malicious:false
                                                                                                              URL:https://ssl.gstatic.com/gb/images/sprites/p_2x_387ed93f4280.png
                                                                                                              Preview:.PNG........IHDR...j...Z.......{.....IDATx...S`......V.4gzl.>.m.m.m.>c......8.J..p....*k..i.k...f..v.VeG....V.^,.Y8>..U.(+...fbJ...q.G.kb#.T)F......~..&)+&....'..].~.j5....!.j.<..xJ..&.T91<.......3...|.4.Uu...c..t..\<#S.........+...M?ew.(....w..h.c.PU.>.C.:.P..Wq...4..[.......k{TG.C.~.$=U..>.....4c+9.s...d.,...h...$.dk..0T3..63$.l.6...O.O..z..J..C...fjZ...i...J..P-T.B5-T..PM..B5-T.B.PM..P-T.B5.].....9...cZ.*./.b.I....Z..\......^...(..............u.G..O.c.....`k....qx/..U-.U..0.[.:..$.......fx5.l..h..g..O'9..%.E=...x&.P.....?R.\..../.......s.-MU..U..o..Q.1.%.l.gb.....I.zxD..t.&.u[.:R.N..:.d.............].{..z.M..-}Sw@b....[.D..#1$s.I..0..L....I.....i.Z....... MZ...j....i.Z...jZ...i.....jZ...i......z"/...._....q...gU.b.IHO.5....,n........PX..$.._.9(Mw..D../.C......l.....x..Q|...(..$#../.....GB...7bS..B..G.....Tb.Yx6^.9..C.F..oMrx..p..<N3.=.1...$.....-N.t.jt6..&..J...G..z!..Ff.i...v._..a.....R%I....f....t....._..5.l...A..C.=c(V..)......0$.jg..KT..*E.r

                                                                                                              Chrome Cache Entry: 111

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (2200)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):184069
                                                                                                              Entropy (8bit):5.457765888899575
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:JaXH2HHSBV2qoSKRd8mQ3jfA8j3yViKE5rmVqpzE:fHgxohRdUfFyQKEnpzE
                                                                                                              MD5:92EEFFE57524E80329BE5C39E3442D12
                                                                                                              SHA1:EAA1A2226A503A59A2506BFC5031077DBED51AE1
                                                                                                              SHA-256:A206F391DFA17782AF610C772392E25F2DF7EA947A7CE17B449ACF45DD5BF854
                                                                                                              SHA-512:8B2C2FC7D6A938493A1437B5901A369D228E4AB1183144AF9582301E0C5A7CBE31E7DADF4B51E75ECF113C3D5F2935FD2FAAD6D64F9FA1FC65D06BE5959029B0
                                                                                                              Malicious:false
                                                                                                              URL:"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/am=EGDQuQM/d=1/excm=_b,_tp,appwidgetnoauthview/ed=1/dg=0/wt=2/ujg=1/rs=AM-SdHvidsrb0WJIkPFTwXnDxsLdoIl5-Q/m=_b,_tp"
                                                                                                              Preview:"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi||{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x39d06010, 0xe, ]);./*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. SPDX-License-Identifier: Apache-2.0.*/./*. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT.*/.var ia,aaa,Ha,caa,Qa,Sa,Ta,Ua,Va,Wa,Xa,ab,daa,eaa,cb,eb,tb,xb,Lb,Nb,Rb,Ub,Wb,gaa,ac,cc,dc,kc,rc,uc,wc,oc,jaa,Fc,Gc,kaa,Nc,laa,Rc,Tc,cd,dd,hd,jd,kd,pd,id,ld,Sc,Cd,Ad,Dd,y,Hd,Kd,raa,saa,taa,uaa,vaa,waa,xaa,yaa,xe,Be,Eaa,Caa,Qe,Ye,Haa,Iaa,$e,of,Maa,Naa,vf,Oaa,Paa,Qaa,Raa,Kf,Lf,Mf,Saa,Taa,Uaa,Vaa,Waa,Xaa,Yaa,$aa,aba,aa,hg,ig,bba,kg,lg,og,cba,tg,ug,vg,fba,gba,Bg,Cg,hba,iba;_.ba=function(a){return function(){return aa[a].apply(this,arguments)}};_.ca=function(a,b){ret

                                                                                                              Chrome Cache Entry: 112

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):29
                                                                                                              Entropy (8bit):3.9353986674667634
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                              MD5:6FED308183D5DFC421602548615204AF
                                                                                                              SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                              SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                              SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                              Malicious:false
                                                                                                              URL:https://www.google.com/async/newtab_promos
                                                                                                              Preview:)]}'.{"update":{"promos":{}}}

                                                                                                              Chrome Cache Entry: 113

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (736)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):3505
                                                                                                              Entropy (8bit):5.552095288109031
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:96:86yHtxMPvVSbAtxNYiSJ6vq67pSlIcBfGx:FwIOT6L0IIc
                                                                                                              MD5:6745EB04C880EA1849D0DD81B61F4FE9
                                                                                                              SHA1:EF6EDD0581F24E02C423FBC551B9D9F060F2404C
                                                                                                              SHA-256:F196C197EF86BA3427D8284E2273FE8932BBC2AFF02931E4273F6840927518B2
                                                                                                              SHA-512:7AB9D78668D5E83FBCFF092223379426141EDEDE6088136BD578E86D2E59ACCC2ABF1A86C34001DCB6528E6F735B46816259ED2F4E82D69BA9CCB97DFA42C49A
                                                                                                              Malicious:false
                                                                                                              URL:"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,bm51tf,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                                                                              Preview:"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi||{};(function(_){var window=this;.try{._.q("Wt6vjf");.var uy=function(a){this.ua=_.x(a,0,uy.ob)};_.G(uy,_.C);uy.prototype.Ya=function(){return _.nk(this,1)};uy.prototype.oc=function(a){_.Fk(this,1,a)};uy.ob="f.bo";var vy=function(){_.ln.call(this)};_.G(vy,_.ln);vy.prototype.mb=function(){this.Fq=!1;wy(this);_.ln.prototype.mb.call(this)};vy.prototype.j=function(){xy(this);if(this.Tj)return yy(this),!1;if(!this.Qr)return zy(this),!0;this.dispatchEvent("p");if(!this.So)return zy(this),!0;this.Nn?(this.dispatchEvent("r"),zy(this)):yy(this);return!1};.var Ay=function(a){var b=new _.mt(a.gx);null!=a.Ip&&b.l.set("authuser",a.Ip);return b},yy=function(a){a.Tj=!0;var b=Ay(a),c="rt=r&f_uid="+_.mi(a.So);_.Qo(b,(0,_.E)(a.l,a),"POST",c)};.vy.prototype.l=function(a){a=a.target;xy(this);if(_.Xo(a)){this.Pm=0;if(this.Nn)this.Tj=!1,this.dispatchEvent("r");else if(this.Qr)this.dispatchEvent("s");else{try{var b=_.Yo(a),c=JSON.pars

                                                                                                              Chrome Cache Entry: 114

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (3572), with no line terminators
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):3572
                                                                                                              Entropy (8bit):5.140651484312947
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:vZUJVKLICJEconBdpZUvGCUvGULHg7OTehn5hsbrc7g8IO8u0Y8D2n:yJYI/coXqCg7OSfg8IO8uB8D2n
                                                                                                              MD5:122C0858F7D38991F14E5ADC6BDB3C3B
                                                                                                              SHA1:FFC64755EB42990A73C4878426A641CFB94B57EE
                                                                                                              SHA-256:06D1296A6F6611AC795B27882FE88823EE857D0F49F7018CF00C6A199976DC0D
                                                                                                              SHA-512:149A1FB533C8C7D5EA363B80982DC1EC4C39E5EF9BB37E45BC80E105B18C3FA4DC610449BBD70DE9B9AC7339FEBBBD4FF76C2A9D1FD104D1943A386539AC4D44
                                                                                                              Malicious:false
                                                                                                              URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.RS0dNtaZmo0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuhe2hCYlalU7rKCW-qT_-zMhVRaw"
                                                                                                              Preview:.gb_2e{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_Fc{text-align:left}.gb_Fc>*{color:#bdc1c6;line-height:16px}.gb_Fc div:first-child{color:white}.gb_pa{background:none;border:1px solid transparent;-webkit-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;height:40px;margin:8px;outline:none;padding:1px;position:absolute;right:0;top:0;width:40px}.gb_pa:hover{background-color:rgba(68,71,70,.08)}.gb_pa:focus,.gb_pa:active{background-color:rgba(68,71,70,.12)}.gb_pa:focus-visible{border-color:#0b57d0;outline:1px solid transparent;outline-offset:-1px}.gb_i .gb_pa:hover,.gb_i .gb_pa:focus,.gb_i .gb_pa:active{background-color:rgba(227,227,227,.08)}.gb_i .gb_pa:focus-visible{border-color:#a8c7fa}.gb_qa{-webkit-box

                                                                                                              Chrome Cache Entry: 115

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (769)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1424
                                                                                                              Entropy (8bit):5.31660097498527
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:kWfS+Xg1QmYTY29/RbFTVebYaThG8VgI4+O6tp41SZGbwfKGbeZPx/sMGOwsNEZ9:ZfS+wmmc/bFpw/A8R3fpWgGb+KGbipsZ
                                                                                                              MD5:13D1BE6BC9AA2CA332D553D2D4491DE1
                                                                                                              SHA1:F7E7A540E69006ED7470EB2AED4EF19BE4A1AF0C
                                                                                                              SHA-256:4C205DD66FDACFF32EB2B63273FB74DB1E29DBD5C9B97F0F6641378174257F39
                                                                                                              SHA-512:A1DD99D4ED179D4FA138A7C500589896F3A5DA06758ED72F67D05243519FB5EADF2184D9B67F0F9337FF55B5F5982D93245A8FF41E6F8F1D619CAC8D47C9FF4A
                                                                                                              Malicious:false
                                                                                                              URL:"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf"
                                                                                                              Preview:"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi||{};(function(_){var window=this;.try{._.q("bm51tf");.var Uoa=!!(_.Jg[0]>>17&1);var Voa=function(a,b,c,d,e){this.o=a;this.N=b;this.v=c;this.O=d;this.W=e;this.j=0;this.l=tW(this)},Woa=function(a){var b={};_.Da(a.tq(),function(e){b[e]=!0});var c=a.kq(),d=a.mq();return new Voa(a.lq(),1E3*c.j(),a.fq(),1E3*d.j(),b)},tW=function(a){return Math.random()*Math.min(a.N*Math.pow(a.v,a.j),a.O)},uW=function(a,b){return a.j>=a.o?!1:null!=b?!!a.W[b]:!0};var vW=function(a){_.Q.call(this,a.oa);this.o=a.service.Jr;this.v=a.service.metadata;a=a.service.ID;this.l=a.o.bind(a)};_.G(vW,_.Q);vW.qa=_.Q.qa;vW.V=function(){return{service:{Jr:_.rW,metadata:_.nW,ID:_.DU}}};vW.prototype.j=function(a,b){if(1!=this.v.getType(a.Cb()))return _.Nn(a);var c=this.o.j;(c=c?Woa(c):null)&&uW(c)?(b=wW(this,a,b,c),a=new _.Mn(a,b,2)):a=_.Nn(a);return a};.var wW=function(a,b,c,d){return c.then(function(e){return e},function(e){if(Uoa)if(e instanceof _.ee)

                                                                                                              Chrome Cache Entry: 116

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (65531)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):137077
                                                                                                              Entropy (8bit):5.441035278670538
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:1536:jdGuEygn2zuFRDP6nWysx3DMqPKnrzNSpGiV1p+RHPGb4guj1i8jZRLM9rZxMkPr:Dmnoap3DTKnrQpG4nQUdup6ZxMkmwXd
                                                                                                              MD5:5CEB2FE15490C26E3E57A026EAB83B62
                                                                                                              SHA1:2E106BCBCE03227347322C1008FC07F070EA0FC5
                                                                                                              SHA-256:F8D21EF95FDF1BD0D553DCB1FBD26976447AE22C66EDF9BD5E041AFE5B01836E
                                                                                                              SHA-512:389CDE2F0589E33DEB0C42C39B9A9FB3948A0E52ECFECF86A8DD57BFFA599ACA1C75CA8D1FFB19CFDA72EEA483CB21A0486D91C904D59243350D9463053272F3
                                                                                                              Malicious:false
                                                                                                              URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                              Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Qa gb_hb gb_Td gb_nd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Hd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_rd gb_kd gb_xd gb_wd\"\u003e\u003cdiv class\u003d\"gb_qd gb_gd\"\u003e\u003cdiv class\u003d\"gb_Oc gb_q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Oc gb_Rc gb_q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                                                                                                              Chrome Cache Entry: 117

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:PNG image data, 106 x 5210, 8-bit/color RGBA, non-interlaced
                                                                                                              Category:dropped
                                                                                                              Size (bytes):137432
                                                                                                              Entropy (8bit):7.981759932974614
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:SWkkEsWBwvkw/2i4fhpATVmE6383x4L6EWL3UQ7lE7sPE:SVAwwswerUv3S4nhdPE
                                                                                                              MD5:387ED93F42803B1EC6697E3B57FBCEF0
                                                                                                              SHA1:2EA8A5BFBF99144BD0EBAEBE60AC35406A8B613E
                                                                                                              SHA-256:982AAC952E2C938BD55550D0409ECE5F4430D38F370161D8318678FA25316587
                                                                                                              SHA-512:7C90F69A53E49BAD03C4CEFD9868B4C4BA145E5738218E8C445FF6AE5347153E3A2F2B918CBE184B0366AFD53B984634D2894FEA6F31A4603E58CCB6BFA5C625
                                                                                                              Malicious:false
                                                                                                              Preview:.PNG........IHDR...j...Z.......{.....IDATx...S`......V.4gzl.>.m.m.m.>c......8.J..p....*k..i.k...f..v.VeG....V.^,.Y8>..U.(+...fbJ...q.G.kb#.T)F......~..&)+&....'..].~.j5....!.j.<..xJ..&.T91<.......3...|.4.Uu...c..t..\<#S.........+...M?ew.(....w..h.c.PU.>.C.:.P..Wq...4..[.......k{TG.C.~.$=U..>.....4c+9.s...d.,...h...$.dk..0T3..63$.l.6...O.O..z..J..C...fjZ...i...J..P-T.B5-T..PM..B5-T.B.PM..P-T.B5.].....9...cZ.*./.b.I....Z..\......^...(..............u.G..O.c.....`k....qx/..U-.U..0.[.:..$.......fx5.l..h..g..O'9..%.E=...x&.P.....?R.\..../.......s.-MU..U..o..Q.1.%.l.gb.....I.zxD..t.&.u[.:R.N..:.d.............].{..z.M..-}Sw@b....[.D..#1$s.I..0..L....I.....i.Z....... MZ...j....i.Z...jZ...i.....jZ...i......z"/...._....q...gU.b.IHO.5....,n........PX..$.._.9(Mw..D../.C......l.....x..Q|...(..$#../.....GB...7bS..B..G.....Tb.Yx6^.9..C.F..oMrx..p..<N3.=.1...$.....-N.t.jt6..&..J...G..z!..Ff.i...v._..a.....R%I....f....t....._..5.l...A..C.=c(V..)......0$.jg..KT..*E.r

                                                                                                              Chrome Cache Entry: 118

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):15344
                                                                                                              Entropy (8bit):7.984625225844861
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
                                                                                                              MD5:5D4AEB4E5F5EF754E307D7FFAEF688BD
                                                                                                              SHA1:06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
                                                                                                              SHA-256:3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
                                                                                                              SHA-512:7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
                                                                                                              Malicious:false
                                                                                                              URL:https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
                                                                                                              Preview:wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h|.l....A....b6........(......@e.]...*:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#*e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.*UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...*$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf*.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed.*.'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

                                                                                                              Chrome Cache Entry: 119

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:SVG Scalable Vector Graphics image
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):1660
                                                                                                              Entropy (8bit):4.301517070642596
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                              MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                              SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                              SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                              SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                              Malicious:false
                                                                                                              URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

                                                                                                              Chrome Cache Entry: 120

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text, with very long lines (2124)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):121628
                                                                                                              Entropy (8bit):5.506662476672723
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx
                                                                                                              MD5:F46ACD807A10216E6EEE8EA51E0F14D6
                                                                                                              SHA1:4702F47070F7046689432DCF605F11364BC0FBED
                                                                                                              SHA-256:D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086
                                                                                                              SHA-512:811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028
                                                                                                              Malicious:false
                                                                                                              URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
                                                                                                              Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);.var ba,ca,da,na,pa,va,wa,za;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=da(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)re

                                                                                                              Chrome Cache Entry: 121

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:HTML document, ASCII text, with very long lines (21071)
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):53484
                                                                                                              Entropy (8bit):5.740191451553308
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:768:kcEghhvpuxWl1C6k/Z2aFe045V6HbWb1JMYfI1QzFJ/N4tx0AyvU:x1CfbWP7fII1yx4vU
                                                                                                              MD5:326D17BD9F7CCA8358115BD197B5A99D
                                                                                                              SHA1:6BE26813CFD8E9BFF067315C39C61DCD51FA4FD3
                                                                                                              SHA-256:8C0F68565A374CA69966BB964590DC6EDA449BE28059E5FFD76C66CE9CD1F46C
                                                                                                              SHA-512:0EFE8ACF385D391D545973CEBEC65F57461941746A9106D36CD47662E25A9788D86BFB749C81911AE58E404CAECE3CF0E0D229BF82FF22E4BD25F10ADD5D760B
                                                                                                              Malicious:false
                                                                                                              URL:https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en
                                                                                                              Preview:<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><link ref="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><script data-id="_gd" nonce="Y9uyxQCCQplhYn6BcT-tqA">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"6679390075316160884","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"NrSucd":false,"OwAJ6e":false,"QrtxK":"","S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSEx0W2eicEJbkAdysuBIIgvnaBgg\\u003d\"]]]","Vvafkd":false,"Yllh3e":"%.@.1714847087963148,126520843,118130196]","ZwjLXe":243,"cfb2h":"boq_onegooglehttpserver_20240430.01_p1","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48691166,48802160,93880156,97517170],"gGcLoe":false,"nQyAE":{},"qwAQke":"OneGoogleW

                                                                                                              Chrome Cache Entry: 122

                                                                                                              Download File
                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              File Type:ASCII text
                                                                                                              Category:downloaded
                                                                                                              Size (bytes):19
                                                                                                              Entropy (8bit):3.6818808028034042
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:3:VQRWN:VQRWN
                                                                                                              MD5:9FAE2B6737B98261777262B14B586F28
                                                                                                              SHA1:79C894898B2CED39335EB0003C18B27AA8C6DDCD
                                                                                                              SHA-256:F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
                                                                                                              SHA-512:29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
                                                                                                              Malicious:false
                                                                                                              URL:https://www.google.com/async/ddljson?async=ntp:2
                                                                                                              Preview:)]}'.{"ddljson":{}}

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                              Entropy (8bit):7.983684592136021
                                                                                                              TrID:
                                                                                                              • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                                                                              • Win64 Executable GUI (202006/5) 46.43%
                                                                                                              • Win64 Executable (generic) (12005/4) 2.76%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.46%
                                                                                                              • DOS Executable Generic (2002/1) 0.46%
                                                                                                              File name:FW URGENT RFQ-400098211.exe
                                                                                                              File size:637'340 bytes
                                                                                                              MD5:eb22df9e911f644327e4417b7e170727
                                                                                                              SHA1:fc4be943bdd75bea11402dafd25eac549662adfd
                                                                                                              SHA256:2b45e61ed11c6c785371e18c12018cc5ffbe85e5caa889b3101312f80677dd80
                                                                                                              SHA512:01de24ecba8390a7ea193e0d22a95a7e0980744a9448cea7b753335b1949d222d4a30a3fc3413ef1ba8aad3135d412bac3fa0fd2c160fcb140b170e40eb63471
                                                                                                              SSDEEP:12288:Slu3EQ1olbFupM4efMr6LNXRRNb6d2P2AdiSqIhaN4s5mi:SlEEQQ6Trm9RHb62PDqi/Omi
                                                                                                              TLSH:67D423E8D2FC641BF1BA4E755CF352685CFB7D66015AC38E944A04B92B3972033A1F62
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....6............"...0..u............... ....@...... ....................................`................................

                                                                                                              File Icon

                                                                                                              Icon Hash:90cececece8e8eb0

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x400000
                                                                                                              Entrypoint Section:
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x8E923614 [Wed Oct 18 13:39:32 2045 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              dec ebp
                                                                                                              pop edx
                                                                                                              nop
                                                                                                              add byte ptr [ebx], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax+eax], al
                                                                                                              add byte ptr [eax], al

                                                                                                              Data Directories

                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x950.rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x94660x38.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                              Sections

                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                              .text0x20000x75180x7600681fb733300a20d15da98b81741753ebFalse0.5777939618644068data6.297461876225848IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc0xa0000x9500xa00391d88eb5dfbef60c785ba2e827171b0False0.2421875data3.743868586898606IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                              RT_VERSION0xa0700x470data0.4753521126760563
                                                                                                              RT_VERSION0xa4e00x470dataEnglishUnited States0.477112676056338

                                                                                                              Possible Origin

                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                              EnglishUnited States

                                                                                                              Network Behavior

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              May 4, 2024 20:22:44.315340042 CEST49675443192.168.2.4173.222.162.32
                                                                                                              May 4, 2024 20:22:46.596698999 CEST49678443192.168.2.4104.46.162.224
                                                                                                              May 4, 2024 20:22:53.925606966 CEST49675443192.168.2.4173.222.162.32
                                                                                                              May 4, 2024 20:22:55.607769012 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.607796907 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.607858896 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.608268976 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.608311892 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.608365059 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.608532906 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.608566999 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.608606100 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.608905077 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.608935118 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.608985901 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.650538921 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.650615931 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.650681019 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.703027010 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.703072071 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.713242054 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.713264942 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.713674068 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.713701963 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.713815928 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.713829041 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:55.714180946 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:55.714190960 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.018429995 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.020827055 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.023303986 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.023504972 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.025264978 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.070390940 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.103812933 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.103873014 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.103991032 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.104002953 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.104053020 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.104068995 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.104496002 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.104511023 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.104681015 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.104685068 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.104815960 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.104826927 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105066061 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105070114 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105076075 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105078936 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105132103 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.105143070 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.105770111 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105778933 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105788946 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105814934 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.105843067 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.105871916 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105884075 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.105918884 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.113418102 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.113481998 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.113559008 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.113584042 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.113641024 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.113655090 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.113801956 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.113856077 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.113878965 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.113919973 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.115211964 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.115219116 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.115323067 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.115343094 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.115355968 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.115369081 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.115830898 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.115843058 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.176137924 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.176146030 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.222278118 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.238228083 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.238235950 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.238239050 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.238257885 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.341670990 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.341779947 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.341844082 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.352725029 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.352771044 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.352828979 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.352830887 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.352853060 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.352890015 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.352901936 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.353781939 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.353884935 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.353934050 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.357511044 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.357553005 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.360920906 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.360969067 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.361013889 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.361020088 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.361032009 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.361064911 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.361077070 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.364804983 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.364846945 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.364852905 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.374978065 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.375001907 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.375022888 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.375030994 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.375067949 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.385396957 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.395781040 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.395823956 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.395832062 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.423576117 CEST49739443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.423614025 CEST44349739142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.491432905 CEST49734443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.491461039 CEST44349734142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.492073059 CEST49733443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.492095947 CEST44349733142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.510359049 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.510402918 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.510411978 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.515425920 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.515466928 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.515475035 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.525907993 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.525957108 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.525969982 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.536341906 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.536391973 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.536400080 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.546750069 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.546791077 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.546798944 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.557208061 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.557255983 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.557264090 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.567349911 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.567392111 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.567399025 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.576661110 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.576714039 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.576719999 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.585808992 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.585854053 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.585861921 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.604275942 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.604305029 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.604320049 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.604331017 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.604372978 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.613459110 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.622661114 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.622730970 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.622760057 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.622767925 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.625502110 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.631957054 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.659801960 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.659833908 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.659857035 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.659864902 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.662483931 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.663476944 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.671051025 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.671081066 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.671149969 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.671156883 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.671241999 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.677757025 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.684545994 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.684572935 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.684698105 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.684706926 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.684767008 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.691287994 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.691339016 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.691613913 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.691621065 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.698051929 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.698208094 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.698215961 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.704839945 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.705228090 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.705235004 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.711607933 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.711818933 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.711826086 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.718400002 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.718539953 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.718547106 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.728487015 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.728518009 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.728909016 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.728918076 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.735307932 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.735315084 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.735328913 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.735389948 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.742062092 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.748786926 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.748814106 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.749408007 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.749416113 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.754781961 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.755578041 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.762340069 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.762371063 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.762418985 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.762428045 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.762620926 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.769119978 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.775732040 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.775762081 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.775834084 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.775840998 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.775965929 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.782367945 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.788724899 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.788753986 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.788811922 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.788820028 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.789777994 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.794812918 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.795944929 CEST4974280192.168.2.4208.95.112.1
                                                                                                              May 4, 2024 20:22:56.800703049 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.800736904 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.800761938 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.800770044 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.805413961 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.806632042 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.809570074 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.815469980 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.815498114 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.815499067 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.815509081 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.818412066 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.821362972 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.821876049 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.821882010 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.825126886 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.825222969 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.825229883 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.828680992 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.829049110 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.829055071 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.832267046 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.835835934 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.835865021 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.835867882 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.835879087 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.836430073 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.839397907 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.842477083 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.842483044 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.843105078 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.843610048 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.843616962 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.846438885 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.846740007 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.846746922 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.850214958 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.850347042 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.850353956 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.853327990 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.856647015 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.856673956 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.856681108 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.856827974 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:56.856849909 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.858016014 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.858016014 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:56.945559978 CEST8049742208.95.112.1192.168.2.4
                                                                                                              May 4, 2024 20:22:56.945715904 CEST4974280192.168.2.4208.95.112.1
                                                                                                              May 4, 2024 20:22:56.951899052 CEST4974280192.168.2.4208.95.112.1
                                                                                                              May 4, 2024 20:22:57.102150917 CEST8049742208.95.112.1192.168.2.4
                                                                                                              May 4, 2024 20:22:57.191057920 CEST4974280192.168.2.4208.95.112.1
                                                                                                              May 4, 2024 20:22:57.238413095 CEST49731443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:22:57.238424063 CEST44349731142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:22:57.810551882 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:57.968539953 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:57.968601942 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:58.425980091 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:58.427596092 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:58.585742950 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:58.647001028 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:58.701276064 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:58.861298084 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:58.940493107 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:59.341315985 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:59.508852005 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.508872986 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.508887053 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.508900881 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.508932114 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:59.511395931 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.559287071 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:59.627563953 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.627592087 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:22:59.627641916 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.638668060 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.638684988 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:22:59.717653036 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.793440104 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:59.950778961 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:22:59.950988054 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.951006889 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:22:59.951463938 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:22:59.952003002 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:22:59.952049971 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.952301025 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:22:59.956871033 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.956931114 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:22:59.957048893 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:22:59.957055092 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.108692884 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.110752106 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.111032009 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.252305031 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.252346992 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.252377033 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.252377987 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.252391100 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.252422094 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.252424002 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.252429962 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.252468109 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.252473116 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.263964891 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.264014006 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.264020920 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.273621082 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.273663044 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.273669004 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.284327984 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.284480095 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.284486055 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.309020996 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.344548941 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.344841003 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.401608944 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.401633978 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.401757956 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.401773930 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.401819944 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.406799078 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.417275906 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.417296886 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.417330980 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.417340040 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.417373896 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.428343058 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.438870907 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.438896894 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.438914061 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.438920021 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.438956976 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.448642969 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.459127903 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.459158897 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.459175110 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.459182978 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.459218025 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.468988895 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.479619026 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.479646921 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.479659081 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.479664087 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.479701996 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.491214037 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.500570059 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.500597954 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.500618935 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.500623941 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.500658035 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.506702900 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.506717920 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.506896019 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.510668039 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.520459890 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.520486116 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.520610094 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.520616055 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.520654917 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.528017044 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.551024914 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.551065922 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.551079035 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.551083088 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.551111937 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.555367947 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.563496113 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.563517094 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.563540936 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.563548088 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.563582897 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.571274042 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.578563929 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.578587055 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.578605890 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.578619957 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.578658104 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.585843086 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.593111992 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.593137980 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.593172073 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.593180895 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.593214035 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.600409985 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.604073048 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.604115963 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.604123116 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.611352921 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.611394882 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.611401081 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.618650913 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.618694067 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.618702888 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.625912905 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.625951052 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.625957966 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.633238077 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.633457899 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.633465052 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.640465021 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.640594959 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.640614986 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.647790909 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.647838116 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.647845984 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.654997110 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.655044079 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.655049086 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.662185907 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.662231922 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.662236929 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.669105053 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.669150114 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.669153929 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.675653934 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.676182985 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.676187038 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.688292980 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.688338041 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.688343048 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.691302061 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.693444014 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.693454027 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.697326899 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.702450037 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.702454090 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.703212023 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.703255892 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.703260899 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.704405069 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.709084034 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.714440107 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.714449883 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.714941025 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.716981888 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.716988087 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.718507051 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.718559027 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.718564987 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.722171068 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.722213030 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.722219944 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.725670099 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.726463079 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.726470947 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.729204893 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.729264975 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.729270935 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.729291916 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.729332924 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.733798027 CEST49751443192.168.2.4172.217.12.142
                                                                                                              May 4, 2024 20:23:00.733815908 CEST44349751172.217.12.142192.168.2.4
                                                                                                              May 4, 2024 20:23:00.737559080 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.739960909 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.897970915 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.898008108 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:00.898571014 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.898622990 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.898633957 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:00.898660898 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:01.056545019 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:01.056555033 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:01.056853056 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:01.069122076 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:23:01.162103891 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:23:06.014475107 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:06.014563084 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:06.014615059 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:07.019500971 CEST49732443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:07.019536018 CEST44349732142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:31.197813034 CEST8049742208.95.112.1192.168.2.4
                                                                                                              May 4, 2024 20:23:31.197890997 CEST4974280192.168.2.4208.95.112.1
                                                                                                              May 4, 2024 20:23:45.846925974 CEST8049742208.95.112.1192.168.2.4
                                                                                                              May 4, 2024 20:23:57.908024073 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:57.908058882 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:57.908159018 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:57.908684015 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:57.908699036 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:58.217140913 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:58.217514038 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:58.217525005 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:58.217803955 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:58.218225956 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:23:58.218286037 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:23:58.266120911 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:24:04.001159906 CEST4972380192.168.2.423.206.229.80
                                                                                                              May 4, 2024 20:24:04.151864052 CEST804972323.206.229.80192.168.2.4
                                                                                                              May 4, 2024 20:24:04.151943922 CEST4972380192.168.2.423.206.229.80
                                                                                                              May 4, 2024 20:24:08.210963964 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:24:08.211026907 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:24:08.211096048 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:24:09.019824028 CEST49766443192.168.2.4142.250.68.4
                                                                                                              May 4, 2024 20:24:09.019850016 CEST44349766142.250.68.4192.168.2.4
                                                                                                              May 4, 2024 20:24:37.713179111 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:24:37.872126102 CEST58749747108.170.55.203192.168.2.4
                                                                                                              May 4, 2024 20:24:37.877273083 CEST49747587192.168.2.4108.170.55.203
                                                                                                              May 4, 2024 20:24:46.070050001 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:46.070091963 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:46.070180893 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:46.070386887 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:46.070400953 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:46.381524086 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:46.431583881 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.794013977 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.794042110 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:47.794481993 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:47.794559002 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.795095921 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:47.795151949 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.840598106 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.840687037 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:47.840743065 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.884116888 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:47.888395071 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:47.888407946 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:47.942487001 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.105711937 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.105729103 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.105859041 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.105874062 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.116214037 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.116336107 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.116343975 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.126914978 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.126990080 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.126996040 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.136313915 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.136388063 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.136393070 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.148063898 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.148134947 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.148142099 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.158590078 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.158663988 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.158669949 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.168085098 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.168155909 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.168160915 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.224298000 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.255176067 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.255271912 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.260430098 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.260510921 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.271178007 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.271255016 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.281642914 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.281719923 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.292223930 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.292301893 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.302736998 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.302768946 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.302791119 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.302802086 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.302858114 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.314265013 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.314376116 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.314424992 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.314433098 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.323936939 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.324002028 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.324007988 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.334505081 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.334573984 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.334594011 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.350625992 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.350743055 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.350749016 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.359746933 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.359775066 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.359806061 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.359812021 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.359867096 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.369266033 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.377294064 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.377325058 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.377340078 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.377345085 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.377392054 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.387871027 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.387928009 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.387976885 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.387980938 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.388045073 CEST44349768142.250.72.142192.168.2.4
                                                                                                              May 4, 2024 20:24:48.388102055 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.391180992 CEST49768443192.168.2.4142.250.72.142
                                                                                                              May 4, 2024 20:24:48.391191959 CEST44349768142.250.72.142192.168.2.4

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              May 4, 2024 20:22:54.155535936 CEST6009453192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:22:54.156389952 CEST6432653192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:22:54.283320904 CEST53577681.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:54.301913023 CEST53512501.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:54.305712938 CEST53600941.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:54.307137966 CEST53643261.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:56.636986017 CEST6435253192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:22:56.716871023 CEST53513641.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:56.787584066 CEST53643521.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:57.126527071 CEST53546011.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:57.655992985 CEST6259653192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:22:57.809516907 CEST53625961.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:59.475886106 CEST6197053192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:22:59.476541042 CEST5708753192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:22:59.626148939 CEST53619701.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:22:59.627172947 CEST53570871.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:23:17.118525982 CEST138138192.168.2.4192.168.2.255
                                                                                                              May 4, 2024 20:23:17.154021025 CEST53587781.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:23:37.725630999 CEST53580381.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:23:53.374174118 CEST53590141.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:02.344311953 CEST53512981.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:33.827806950 CEST53574791.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:45.914889097 CEST6349653192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:24:45.915035963 CEST6377553192.168.2.41.1.1.1
                                                                                                              May 4, 2024 20:24:46.069374084 CEST53634961.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:46.069420099 CEST53637751.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:48.357889891 CEST53514651.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:48.359401941 CEST53540041.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:49.636478901 CEST53499581.1.1.1192.168.2.4
                                                                                                              May 4, 2024 20:24:53.524043083 CEST53541821.1.1.1192.168.2.4

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                              May 4, 2024 20:22:54.155535936 CEST192.168.2.41.1.1.10x1041Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:54.156389952 CEST192.168.2.41.1.1.10x5659Standard query (0)www.google.com65IN (0x0001)false
                                                                                                              May 4, 2024 20:22:56.636986017 CEST192.168.2.41.1.1.10x1b10Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:57.655992985 CEST192.168.2.41.1.1.10x94c1Standard query (0)terminal4.veeblehosting.comA (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.475886106 CEST192.168.2.41.1.1.10x9fabStandard query (0)apis.google.comA (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.476541042 CEST192.168.2.41.1.1.10x48c5Standard query (0)apis.google.com65IN (0x0001)false
                                                                                                              May 4, 2024 20:24:45.914889097 CEST192.168.2.41.1.1.10xba25Standard query (0)ogs.google.comA (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:24:45.915035963 CEST192.168.2.41.1.1.10x55bfStandard query (0)ogs.google.com65IN (0x0001)false

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                              May 4, 2024 20:22:54.305712938 CEST1.1.1.1192.168.2.40x1041No error (0)www.google.com142.250.68.4A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:54.307137966 CEST1.1.1.1192.168.2.40x5659No error (0)www.google.com65IN (0x0001)false
                                                                                                              May 4, 2024 20:22:56.787584066 CEST1.1.1.1192.168.2.40x1b10No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:57.809516907 CEST1.1.1.1192.168.2.40x94c1No error (0)terminal4.veeblehosting.com108.170.55.203A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:57.809516907 CEST1.1.1.1192.168.2.40x94c1No error (0)terminal4.veeblehosting.com108.170.55.202A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:57.894328117 CEST1.1.1.1192.168.2.40x7132No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:57.894328117 CEST1.1.1.1192.168.2.40x7132No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.626148939 CEST1.1.1.1192.168.2.40x9fabNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.626148939 CEST1.1.1.1192.168.2.40x9fabNo error (0)plus.l.google.com172.217.12.142A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.627172947 CEST1.1.1.1192.168.2.40x48c5No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.677489996 CEST1.1.1.1192.168.2.40x5157No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                              May 4, 2024 20:22:59.677489996 CEST1.1.1.1192.168.2.40x5157No error (0)fp2e7a.wpc.phicdn.net192.229.211.108A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:24:46.069374084 CEST1.1.1.1192.168.2.40xba25No error (0)ogs.google.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                              May 4, 2024 20:24:46.069374084 CEST1.1.1.1192.168.2.40xba25No error (0)www3.l.google.com142.250.72.142A (IP address)IN (0x0001)false
                                                                                                              May 4, 2024 20:24:46.069420099 CEST1.1.1.1192.168.2.40x55bfNo error (0)ogs.google.comwww3.l.google.comCNAME (Canonical name)IN (0x0001)false

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • www.google.com
                                                                                                              • apis.google.com
                                                                                                              • ogs.google.com
                                                                                                              • ip-api.com

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.449742208.95.112.1807288C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              May 4, 2024 20:22:56.951899052 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                                                                                              Host: ip-api.com
                                                                                                              Connection: Keep-Alive
                                                                                                              May 4, 2024 20:22:57.102150917 CEST174INHTTP/1.1 200 OK
                                                                                                              Date: Sat, 04 May 2024 18:22:56 GMT
                                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                                              Content-Length: 5
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              X-Ttl: 60
                                                                                                              X-Rl: 44
                                                                                                              Data Raw: 74 72 75 65 0a
                                                                                                              Data Ascii: true


                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.449733142.250.68.44437572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-05-04 18:22:56 UTC607OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                              Host: www.google.com
                                                                                                              Connection: keep-alive
                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                              Sec-Fetch-Site: none
                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                              Sec-Fetch-Dest: empty
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-05-04 18:22:56 UTC1191INHTTP/1.1 200 OK
                                                                                                              Date: Sat, 04 May 2024 18:22:56 GMT
                                                                                                              Pragma: no-cache
                                                                                                              Expires: -1
                                                                                                              Cache-Control: no-cache, must-revalidate
                                                                                                              Content-Type: text/javascript; charset=UTF-8
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-y0tS_qDeefCbugxRsVwGiQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                              Permissions-Policy: unload=()
                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                              Server: gws
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Accept-Ranges: none
                                                                                                              Vary: Accept-Encoding
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              2024-05-04 18:22:56 UTC64INData Raw: 37 30 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6c 75 63 68 61 20 6c 69 62 72 65 20 6c 6f 6f 74 20 72 65 77 61 72 64 73 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 22 2c 22 70 69 74 74 73 62 75 72 67
                                                                                                              Data Ascii: 700)]}'["",["lucha libre loot rewards monopoly go","pittsburg
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 68 20 73 74 65 65 6c 65 72 73 20 6e 65 77 73 22 2c 22 6e 61 74 69 6f 6e 61 6c 20 6e 75 72 73 65 73 20 77 65 65 6b 20 64 69 73 63 6f 75 6e 74 73 22 2c 22 61 70 65 78 20 6c 65 67 65 6e 64 73 20 73 70 6c 69 74 20 31 20 70 6c 61 79 6f 66 66 73 20 73 63 68 65 64 75 6c 65 22 2c 22 6a 65 72 72 79 20 73 65 69 6e 66 65 6c 64 20 6d 6f 76 69 65 20 75 6e 66 72 6f 73 74 65 64 22 2c 22 73 70 72 69 6e 67 20 68 69 6c 6c 20 68 69 67 68 20 73 63 68 6f 6f 6c 20 73 65 6e 69 6f 72 20 70 72 61 6e 6b 22 2c 22 6d 69 6e 69 20 63 72 6f 73 73 77 6f 72 64 20 63 6c 75 65 73 22 2c 22 73 74 6f 63 6b 20 6d 61 72 6b 65 74 20 66 75 74 75 72 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64
                                                                                                              Data Ascii: h steelers news","national nurses week discounts","apex legends split 1 playoffs schedule","jerry seinfeld movie unfrosted","spring hill high school senior prank","mini crossword clues","stock market futures"],["","","","","","","",""],[],{"google:clientd
                                                                                                              2024-05-04 18:22:56 UTC480INData Raw: 68 4d 32 4d 35 5a 46 5a 68 65 45 46 46 59 56 4e 77 4e 55 52 71 5a 30 52 35 51 57 52 35 5a 54 56 55 61 6c 41 30 56 7a 46 4f 63 58 5a 58 54 57 35 49 4d 33 52 48 4d 48 4a 79 5a 58 64 48 51 30 6c 58 4e 46 63 30 61 56 6b 30 61 47 6c 50 54 46 4d 77 57 54 68 30 61 46 63 79 55 6b 5a 56 63 30 74 56 4d 6d 56 34 64 6a 4e 43 4e 30 67 31 4e 6b 35 58 4d 47 63 72 65 69 74 73 62 6d 5a 51 62 6c 42 4f 62 46 6c 6c 55 7a 41 79 52 6a 64 7a 62 46 4e 6b 65 46 59 72 62 32 46 61 63 47 4e 57 51 56 46 30 55 31 5a 78 59 6e 4e 4d 4d 30 74 32 61 45 64 32 53 58 4a 4e 54 57 70 49 4d 33 52 4c 64 58 68 58 65 46 68 79 52 45 64 32 52 48 42 49 61 32 6c 77 63 33 6c 74 4d 30 64 75 57 45 45 79 52 6b 45 7a 55 32 4e 58 4d 44 68 75 56 6b 39 6f 55 54 52 50 54 7a 42 44 62 54 52 58 5a 7a 52 43 52 31
                                                                                                              Data Ascii: hM2M5ZFZheEFFYVNwNURqZ0R5QWR5ZTVUalA0VzFOcXZXTW5IM3RHMHJyZXdHQ0lXNFc0aVk0aGlPTFMwWTh0aFcyUkZVc0tVMmV4djNCN0g1Nk5XMGcreitsbmZQblBObFllUzAyRjdzbFNkeFYrb2FacGNWQVF0U1ZxYnNMM0t2aEd2SXJNTWpIM3RLdXhXeFhyREd2RHBIa2lwc3ltM0duWEEyRkEzU2NXMDhuVk9oUTRPTzBDbTRXZzRCR1
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 39 61 31 0d 0a 47 31 77 63 32 6c 55 56 32 46 70 4f 55 56 69 59 6b 78 54 52 57 67 7a 59 54 4a 6a 62 45 39 4d 62 54 46 6f 62 53 39 59 4f 54 6c 59 64 6c 70 4b 54 55 52 49 52 55 77 34 57 58 46 42 4f 54 5a 5a 4d 6b 46 75 63 48 56 54 62 30 56 6d 62 47 5a 58 62 47 31 52 4d 45 5a 32 59 56 4e 70 62 47 4a 4f 62 30 31 4f 59 31 45 34 56 46 5a 59 5a 32 56 76 55 56 64 4c 59 57 78 6f 4b 32 31 54 4e 48 6c 59 5a 33 6b 34 51 31 4e 57 4d 30 38 34 61 46 46 7a 55 56 52 6b 55 46 56 46 57 54 5a 68 64 6d 39 78 4f 47 59 79 5a 31 56 43 55 53 74 4c 52 54 6c 48 5a 6e 55 76 53 45 52 6e 59 33 51 34 51 6a 4a 78 4e 6b 4d 32 59 6a 6c 4e 52 45 6c 51 63 47 39 43 4e 31 6b 76 4e 6d 31 78 4d 47 56 46 4d 6c 46 59 4d 6c 63 7a 55 7a 52 53 4d 45 46 56 62 31 63 76 55 58 4a 52 63 6d 68 4f 52 57 46
                                                                                                              Data Ascii: 9a1G1wc2lUV2FpOUViYkxTRWgzYTJjbE9MbTFobS9YOTlYdlpKTURIRUw4WXFBOTZZMkFucHVTb0VmbGZXbG1RMEZ2YVNpbGJOb01OY1E4VFZYZ2VvUVdLYWxoK21TNHlYZ3k4Q1NWM084aFFzUVRkUFVFWTZhdm9xOGYyZ1VCUStLRTlHZnUvSERnY3Q4QjJxNkM2YjlNRElQcG9CN1kvNm1xMGVFMlFYMlczUzRSMEFVb1cvUXJRcmhORWF
                                                                                                              2024-05-04 18:22:56 UTC1217INData Raw: 79 4d 48 55 7a 54 58 56 4e 5a 7a 51 34 52 48 42 69 55 31 52 54 64 55 68 76 57 57 70 30 52 47 31 78 4f 54 64 68 56 47 59 30 56 6b 70 7a 63 47 52 32 55 53 74 6b 54 53 39 47 4d 45 70 46 63 55 74 74 62 31 63 7a 54 31 4a 42 5a 47 6c 69 4e 46 5a 31 63 30 46 45 62 6a 46 7a 5a 45 6b 78 54 6d 31 55 56 30 70 4d 57 6d 52 52 4d 47 4a 6e 53 6d 4e 56 59 6d 6b 35 61 6a 59 35 51 6e 46 68 4f 58 70 4c 56 48 56 6f 63 57 6c 42 61 6d 70 74 54 6e 52 4f 57 55 31 57 57 6d 4e 6b 4e 58 6c 73 52 56 68 57 4d 58 4e 45 4d 48 52 5a 4c 31 68 42 64 47 70 36 62 33 70 4e 5a 6d 6c 56 4b 32 78 35 53 6a 68 34 55 32 64 76 53 6c 56 48 61 55 56 69 61 58 42 61 52 30 46 43 4d 79 39 71 55 57 31 7a 4d 55 4e 59 53 47 74 54 56 58 63 30 4e 6c 67 31 52 47 4d 78 61 48 46 34 55 31 46 73 53 30 68 72 53 30
                                                                                                              Data Ascii: yMHUzTXVNZzQ4RHBiU1RTdUhvWWp0RG1xOTdhVGY0VkpzcGR2UStkTS9GMEpFcUttb1czT1JBZGliNFZ1c0FEbjFzZEkxTm1UV0pMWmRRMGJnSmNVYmk5ajY5QnFhOXpLVHVocWlBamptTnROWU1WWmNkNXlsRVhWMXNEMHRZL1hBdGp6b3pNZmlVK2x5Sjh4U2dvSlVHaUViaXBaR0FCMy9qUW1zMUNYSGtTVXc0Nlg1RGMxaHF4U1FsS0hrS0
                                                                                                              2024-05-04 18:22:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.449739142.250.68.44437572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-05-04 18:22:56 UTC353OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                              Host: www.google.com
                                                                                                              Connection: keep-alive
                                                                                                              Sec-Fetch-Site: none
                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                              Sec-Fetch-Dest: empty
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-05-04 18:22:56 UTC967INHTTP/1.1 200 OK
                                                                                                              Version: 630032337
                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                              Permissions-Policy: unload=()
                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                              Date: Sat, 04 May 2024 18:22:56 GMT
                                                                                                              Server: gws
                                                                                                              Cache-Control: private
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Accept-Ranges: none
                                                                                                              Vary: Accept-Encoding
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              2024-05-04 18:22:56 UTC25INData Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a
                                                                                                              Data Ascii: 13)]}'{"ddljson":{}}
                                                                                                              2024-05-04 18:22:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              2192.168.2.449731142.250.68.44437572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-05-04 18:22:56 UTC510OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                              Host: www.google.com
                                                                                                              Connection: keep-alive
                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                              Sec-Fetch-Dest: empty
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-05-04 18:22:56 UTC967INHTTP/1.1 200 OK
                                                                                                              Version: 630032337
                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                              Permissions-Policy: unload=()
                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                              Date: Sat, 04 May 2024 18:22:56 GMT
                                                                                                              Server: gws
                                                                                                              Cache-Control: private
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Accept-Ranges: none
                                                                                                              Vary: Accept-Encoding
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              2024-05-04 18:22:56 UTC288INData Raw: 31 30 34 62 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 51 61 20 67 62 5f 68 62 20 67 62 5f 54 64 20 67 62 5f 6e 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                              Data Ascii: 104b)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Qa gb_hb gb_Td gb_nd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 72 64 20 67 62 5f 6b 64 20 67 62 5f 78 64 20 67 62 5f 77 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 71 64 20 67 62 5f 67 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4f 63 20 67 62 5f 71 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30
                                                                                                              Data Ascii: 03e\u003c\/div\u003e\u003cdiv class\u003d\"gb_rd gb_kd gb_xd gb_wd\"\u003e\u003cdiv class\u003d\"gb_qd gb_gd\"\u003e\u003cdiv class\u003d\"gb_Oc gb_q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u00
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4e 63 20 67 62 5f 35 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 71 64 20 67 62 5f 65 64 20 67 62
                                                                                                              Data Ascii: label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Nc gb_5d\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_qd gb_ed gb
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 22 67 62 5f 55 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 37 63 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 20 67 62 5f 4b 20 67 62 5f 6a 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 66 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 53 65 61 72 63 68 20 4c 61 62 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 6c 61 62 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 65 61 72 63 68 3f 73 6f 75 72 63 65 5c 75 30 30 33 64 6e 74 70 5c 22 20 74
                                                                                                              Data Ascii: "gb_Ud\"\u003e\u003cdiv class\u003d\"gb_7c\"\u003e \u003cdiv class\u003d\"gb_x gb_K gb_j\"\u003e \u003cdiv class\u003d\"gb_f\"\u003e \u003ca class\u003d\"gb_d\" aria-label\u003d\"Search Labs\" href\u003d\"https://labs.google.com/search?source\u003dntp\" t
                                                                                                              2024-05-04 18:22:56 UTC126INData Raw: 6d 2f 69 6e 74 6c 2f 65 6e 2f 61 62 6f 75 74 2f 70 72 6f 64 75 63 74 73 3f 74 61 62 5c 75 30 30 33 64 72 68 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 0d 0a
                                                                                                              Data Ascii: m/intl/en/about/products?tab\u003drh\" aria-expanded\u003d\"false\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg
                                                                                                              2024-05-04 18:22:56 UTC748INData Raw: 32 65 35 0d 0a 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 68 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 36 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d
                                                                                                              Data Ascii: 2e5class\u003d\"gb_h\" focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M6,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 38 30 30 30 0d 0a 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 20 5c 5c 39 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 69 6d 61 67 65 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 76 67 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75
                                                                                                              Data Ascii: 8000alt\u003d\"\" height\u003d\"24\" width\u003d\"24\" style\u003d\"border:none;display:none \\9\"\u003e\u003c\/image\u003e\u003c\/svg\u003e\u003c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 68 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 68 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 79 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c
                                                                                                              Data Ascii: r window\u003dthis;\ntry{\n_.hd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.hd(a,b,d);else{d\u003d(0,_.y)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 7b 69 66 28 62 20 69 6e 20 61 2e 69 29 72 65 74 75 72 6e 20 61 2e 69 5b 62 5d 3b 74 68 72 6f 77 20 6e 65 77 20 6f 64 3b 7d 3b 5f 2e 71 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 70 64 28 5f 2e 54 63 2e 69 28 29 2c 61 29 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 77 64 2c 46 64 2c 48 64 3b 5f 2e 72 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 29 72 65 74 75 72 6e 20 61 3b 69 66 28 5c 22 73 74 72 69 6e 67 5c 22
                                                                                                              Data Ascii: {if(b in a.i)return a.i[b];throw new od;};_.qd\u003dfunction(a){return _.pd(_.Tc.i(),a)};\n}catch(e){_._DumpException(e)}\ntry{\n/*\n\n SPDX-License-Identifier: Apache-2.0\n*/\nvar wd,Fd,Hd;_.rd\u003dfunction(a){if(null\u003d\u003da)return a;if(\"string\"
                                                                                                              2024-05-04 18:22:56 UTC1255INData Raw: 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 72 64 28 5f 2e 71 63 28 61 2c 62 29 29 7d 3b 5c 6e 5f 2e 52 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5c 75 30 30 33 64 5f 2e 71 63 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 5c 75 30 30 33 64 5c 75 30 30 33 64 61 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 6c 62 28 5f 2e 45 64 28 61 2c 62 29 2c 63 29 7d 3b 46 64 5c 75 30 30 33 64 30 3b 5f 2e 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65
                                                                                                              Data Ascii: (a,b){return _.rd(_.qc(a,b))};\n_.R\u003dfunction(a,b){a\u003d_.qc(a,b);return null\u003d\u003da?a:Number.isFinite(a)?a|0:void 0};_.S\u003dfunction(a,b,c\u003d0){return _.lb(_.Ed(a,b),c)};Fd\u003d0;_.Gd\u003dfunction(a){return Object.prototype.hasOwnPrope


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              3192.168.2.449734142.250.68.44437572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-05-04 18:22:56 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                              Host: www.google.com
                                                                                                              Connection: keep-alive
                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                              Sec-Fetch-Dest: empty
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-05-04 18:22:56 UTC922INHTTP/1.1 200 OK
                                                                                                              Version: 630032337
                                                                                                              Content-Type: application/json; charset=UTF-8
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                              Permissions-Policy: unload=()
                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                              Date: Sat, 04 May 2024 18:22:56 GMT
                                                                                                              Server: gws
                                                                                                              Cache-Control: private
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Accept-Ranges: none
                                                                                                              Vary: Accept-Encoding
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              2024-05-04 18:22:56 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                              Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                              2024-05-04 18:22:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                              Data Ascii: 0


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              4192.168.2.449751172.217.12.1424437572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-05-04 18:22:59 UTC741OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
                                                                                                              Host: apis.google.com
                                                                                                              Connection: keep-alive
                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                              Accept: */*
                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                              Sec-Fetch-Dest: script
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-05-04 18:23:00 UTC916INHTTP/1.1 200 OK
                                                                                                              Accept-Ranges: bytes
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                              Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                                                                                                              Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                                                                                                              Content-Length: 121628
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Server: sffe
                                                                                                              X-XSS-Protection: 0
                                                                                                              Date: Sun, 28 Apr 2024 10:00:08 GMT
                                                                                                              Expires: Mon, 28 Apr 2025 10:00:08 GMT
                                                                                                              Cache-Control: public, max-age=31536000
                                                                                                              Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT
                                                                                                              Content-Type: text/javascript; charset=UTF-8
                                                                                                              Vary: Accept-Encoding
                                                                                                              Age: 548572
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Connection: close
                                                                                                              2024-05-04 18:23:00 UTC339INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 32 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 63 61 2c 64 61 2c 6e 61 2c 70 61 2c 76 61 2c 77 61 2c 7a 61 3b 62 61 3d 66 75 6e 63
                                                                                                              Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);var ba,ca,da,na,pa,va,wa,za;ba=func
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 7d 7d 3b 63 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c
                                                                                                              Data Ascii: }};ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 6f 6e 22 3d 3d 3d 74 79 70 65 6f 66 20 64 26 26 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 26 26 63 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 70 61 28 62 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 70 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 75 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 22 75 6e 64
                                                                                                              Data Ascii: on"===typeof d&&"function"!=typeof d.prototype[a]&&ca(d.prototype,a,{configurable:!0,writable:!0,value:function(){return pa(ba(this))}})}return a});pa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.ua=function(a){var b="und
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 2e 50 66 29 7b 74 68 69 73 2e 50 66 3d 5b 5d 3b 76 61 72 20 6b 3d 74 68 69 73 3b 74 68 69 73 2e 74 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 45 37 28 29 7d 29 7d 74 68 69 73 2e 50 66 2e 70 75 73 68 28 68 29 7d 3b 76 61 72 20 64 3d 5f 2e 6d 61 2e 73 65 74 54 69 6d 65 6f 75 74 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 74 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 45 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 50 66 26 26 74 68 69 73 2e 50 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 50 66 3b 74 68 69 73 2e 50 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d
                                                                                                              Data Ascii: .Pf){this.Pf=[];var k=this;this.tP(function(){k.E7()})}this.Pf.push(h)};var d=_.ma.setTimeout;b.prototype.tP=function(h){d(h,0)};b.prototype.E7=function(){for(;this.Pf&&this.Pf.length;){var h=this.Pf;this.Pf=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 74 6f 74 79 70 65 2e 6e 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 74 68 69 73 3b 64 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 68 2e 67 63 61 28 29 29 7b 76 61 72 20 6b 3d 5f 2e 6d 61 2e 63 6f 6e 73 6f 6c 65 3b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 6b 26 26 6b 2e 65 72 72 6f 72 28 68 2e 46 66 29 7d 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 63 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 73 56 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 5f 2e 6d 61 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 5f 2e 6d 61 2e 45 76 65 6e 74 2c 6c 3d 5f 2e 6d 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 3d 74 79 70 65 6f 66 20 6c 29 72 65 74
                                                                                                              Data Ascii: totype.nea=function(){var h=this;d(function(){if(h.gca()){var k=_.ma.console;"undefined"!==typeof k&&k.error(h.Ff)}},1)};e.prototype.gca=function(){if(this.sV)return!1;var h=_.ma.CustomEvent,k=_.ma.Event,l=_.ma.dispatchEvent;if("undefined"===typeof l)ret
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 3b 74 68 69 73 2e 73 56 3d 21 30 7d 3b 65 2e 72 65 73 6f 6c 76 65 3d 63 3b 65 2e 72 65 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6c 28 68 29 7d 29 7d 3b 65 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 66 6f 72 28 76 61 72 20 6d 3d 5f 2e 75 61 28 68 29 2c 6e 3d 6d 2e 6e 65 78 74 28 29 3b 21 6e 2e 64 6f 6e 65 3b 6e 3d 6d 2e 6e 65 78 74 28 29 29 63 28 6e 2e 76 61 6c 75 65 29 2e 42 79 28 6b 2c 6c 29 7d 29 7d 3b 65 2e 61 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 5f 2e 75 61 28 68 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6c 2e 64 6f 6e 65 3f 63
                                                                                                              Data Ascii: ;this.sV=!0};e.resolve=c;e.reject=function(h){return new e(function(k,l){l(h)})};e.race=function(h){return new e(function(k,l){for(var m=_.ua(h),n=m.next();!n.done;n=m.next())c(n.value).By(k,l)})};e.all=function(h){var k=_.ua(h),l=k.next();return l.done?c
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6c 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6d 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 7d 29 2c 6e 3d 6e 65 77 20 61 28 5b 5b 6c 2c 32 5d 2c 5b 6d 2c 33 5d 5d 29 3b 69 66 28 32 21 3d 6e 2e 67 65 74 28 6c 29 7c 7c 33 21 3d 6e 2e 67 65 74 28 6d 29 29 72 65 74 75 72 6e 21 31 3b 6e 2e 64 65 6c 65 74 65 28 6c 29 3b 6e 2e 73 65 74 28 6d 2c 34 29 3b 72 65 74 75 72 6e 21 6e 2e 68 61 73 28 6c 29 26 26 34 3d 3d 6e 2e 67 65 74 28 6d 29 7d 63 61 74 63 68 28 70 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 0a 76 61 72 20 66 3d 22 24 6a 73 63 6f 6d 70 5f 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b
                                                                                                              Data Ascii: ct.seal)return!1;try{var l=Object.seal({}),m=Object.seal({}),n=new a([[l,2],[m,3]]);if(2!=n.get(l)||3!=n.get(m))return!1;n.delete(l);n.set(m,4);return!n.has(l)&&4==n.get(m)}catch(p){return!1}}())return a;var f="$jscomp_hidden_"+Math.random();e("freeze");
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 20 62 3d 6e 65 77 20 57 65 61 6b 4d 61 70 2c 63 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 0a 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 3b 69 66 28 6b 29 7b 6b 3d 5f 2e 75 61 28 6b 29 3b 66 6f 72 28 76 61 72 20 6c 3b 21 28 6c 3d 6b 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6c 3d 6c 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6c 5b 30 5d 2c 6c 5b 31 5d 29 7d 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 6b 3d 30 3d 3d 3d 6b 3f 30 3a 6b 3b 76 61 72 20 6d 3d 64 28 74 68 69 73 2c 6b 29 3b 6d 2e 6c 69 73 74 7c 7c 28 6d 2e 6c 69 73 74 3d 74 68 69 73 5b 30 5d 5b 6d 2e 69 64 5d 3d 5b 5d 29 3b 6d 2e 6e 66 3f 6d 2e 6e 66 2e 76 61 6c 75 65 3d 6c 3a 28 6d
                                                                                                              Data Ascii: b=new WeakMap,c=function(k){this[0]={};this[1]=f();this.size=0;if(k){k=_.ua(k);for(var l;!(l=k.next()).done;)l=l.value,this.set(l[0],l[1])}};c.prototype.set=function(k,l){k=0===k?0:k;var m=d(this,k);m.list||(m.list=this[0][m.id]=[]);m.nf?m.nf.value=l:(m
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 6d 3d 62 2e 67 65 74 28 6c 29 3a 28 6d 3d 22 22 2b 20 2b 2b 68 2c 62 2e 73 65 74 28 6c 2c 6d 29 29 3a 6d 3d 22 70 5f 22 2b 6c 3b 76 61 72 20 6e 3d 6b 5b 30 5d 5b 6d 5d 3b 69 66 28 6e 26 26 76 61 28 6b 5b 30 5d 2c 6d 29 29 66 6f 72 28 6b 3d 30 3b 6b 3c 6e 2e 6c 65 6e 67 74 68 3b 6b 2b 2b 29 7b 76 61 72 20 70 3d 6e 5b 6b 5d 3b 69 66 28 6c 21 3d 3d 6c 26 26 70 2e 6b 65 79 21 3d 3d 70 2e 6b 65 79 7c 7c 6c 3d 3d 3d 70 2e 6b 65 79 29 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 6b 2c 6e 66 3a 70 7d 7d 72 65 74 75 72 6e 7b 69 64 3a 6d 2c 6c 69 73 74 3a 6e 2c 69 6e 64 65 78 3a 2d 31 2c 6e 66 3a 76 6f 69 64 20 30 7d 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 76 61 72 20 6d 3d 6b 5b 31 5d 3b 72 65 74 75 72 6e 20 70 61 28 66
                                                                                                              Data Ascii: m=b.get(l):(m=""+ ++h,b.set(l,m)):m="p_"+l;var n=k[0][m];if(n&&va(k[0],m))for(k=0;k<n.length;k++){var p=n[k];if(l!==l&&p.key!==p.key||l===p.key)return{id:m,list:n,index:k,nf:p}}return{id:m,list:n,index:-1,nf:void 0}},e=function(k,l){var m=k[1];return pa(f
                                                                                                              2024-05-04 18:23:00 UTC1255INData Raw: 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 34 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 44 61 3d 6e 65 77 20 4d 61 70 3b 69 66 28 63 29 7b 63 3d
                                                                                                              Data Ascii: urn!1;var e=d.entries(),f=e.next();if(f.done||f.value[0]!=c||f.value[1]!=c)return!1;f=e.next();return f.done||f.value[0]==c||4!=f.value[0].x||f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b=function(c){this.Da=new Map;if(c){c=


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              5192.168.2.449768142.250.72.1424437572C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2024-05-04 18:24:47 UTC872OUTGET /widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en HTTP/1.1
                                                                                                              Host: ogs.google.com
                                                                                                              Connection: keep-alive
                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                              X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX
                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                              Sec-Fetch-Dest: iframe
                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                              2024-05-04 18:24:48 UTC2491INHTTP/1.1 200 OK
                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                              X-Frame-Options: ALLOW-FROM chrome-untrusted://new-tab-page
                                                                                                              Content-Security-Policy: frame-ancestors chrome-untrusted://new-tab-page chrome://new-tab-page
                                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/OneGoogleWidgetUi/cspreport
                                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Y9uyxQCCQplhYn6BcT-tqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/OneGoogleWidgetUi/cspreport;worker-src 'self'
                                                                                                              Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/OneGoogleWidgetUi/cspreport/allowlist
                                                                                                              x-ua-compatible: IE=edge
                                                                                                              Expires: Sat, 04 May 2024 18:24:47 GMT
                                                                                                              Date: Sat, 04 May 2024 18:24:47 GMT
                                                                                                              Cache-Control: private, max-age=259200
                                                                                                              P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                                              Cross-Origin-Embedder-Policy-Report-Only: require-corp; report-to="CoepOneGoogleWidgetUi"
                                                                                                              Report-To: {"group":"CoepOneGoogleWidgetUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/OneGoogleWidgetUi"}]}
                                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                              reporting-endpoints: default="/_/OneGoogleWidgetUi/web-reports?context=eJzjstDikmLw15BiuPf9GVPByhdMEl9fMmkAsVP6DNYgIPapn8EaA8StN8-xTgXipH_nWYuAWIiH4_2vmxvZBCasWHebGQD7xB67"
                                                                                                              Server: ESF
                                                                                                              X-XSS-Protection: 0
                                                                                                              X-Content-Type-Options: nosniff
                                                                                                              Set-Cookie: NID=513=PhpfmKM5L1fzESmntxti1sFilf2zFBkgiWHIy7aXMXZRqX-H7fFGsNW_F-gqtGPUr54f09k7L06v06GwznZt1y9uTMSL8RWsVw2GEwmk0ujffYmwcEIW9EP7KfSwqnXqQp12qLJTyLWrUZGGTJStH8S83vpBwGxSAWzXhFrQLPM; expires=Sun, 03-Nov-2024 18:24:47 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                              Accept-Ranges: none
                                                                                                              Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
                                                                                                              Connection: close
                                                                                                              Transfer-Encoding: chunked
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 67 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 3c 6c 69 6e 6b 20 72 65 66 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 67 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 61 70 70 2f 73 6f 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70
                                                                                                              Data Ascii: 8000<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><link ref="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/app/so"><link rel="p
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 63 6f 72 64 49 6d 6c 45 6c 3d 6d 3b 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 62 3d 62 2e 74 61 72 67 65 74 3b 76 61 72 20 63 3b 22 49 4d 47 22 21 3d 62 2e 74 61 67 4e 61 6d 65 7c 7c 62 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 69 69 64 22 29 7c 7c 61 2e 5f 69 73 4c 61 7a 79 49 6d 61 67 65 28 62 29 7c 7c 62 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 7c 7c 28 63 3d 6d 28 62 29 29 3b 69 66 28 61 2e 61 66 74 5f 63 6f 75 6e 74 65 72 26 26 28 62 3d 61 2e 61 66 74 5f 63 6f 75 6e 74 65 72 2e 69 6e 64 65 78 4f 66 28 62 29 2c 2d 31 21 3d 3d 62 26 26 28 62 3d 31 3d 3d 3d
                                                                                                              Data Ascii: cordImlEl=m;document.documentElement.addEventListener("load",function(b){b=b.target;var c;"IMG"!=b.tagName||b.hasAttribute("data-iid")||a._isLazyImage(b)||b.hasAttribute("data-noaft")||(c=m(b));if(a.aft_counter&&(b=a.aft_counter.indexOf(b),-1!==b&&(b=1===
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 65 78 3a 33 7d 2e 41 4f 71 34 74 62 7b 68 65 69 67 68 74 3a 35 36 70 78 7d 2e 6b 46 77 50 65 65 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7a 2d 69 6e 64 65 78 3a 31 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 2e 79 64 4d 4d 45 62 7b 68 65 69 67 68 74 3a 35 36 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 53 53 50 47 4b 66 7b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 7d 2e 65 63 4a 45 69 62 20 2e 41 4f 71 34 74 62 2c 2e 65 63 4a 45 69 62 20 2e 79 64 4d 4d 45 62 7b 68 65 69 67 68 74 3a 36 34 70 78 7d 2e 65 32 47 33 46 62 2e 45 57 5a 63 75 64 20 2e 41 4f 71 34 74 62 2c 2e 65 32 47 33 46 62 2e 45 57
                                                                                                              Data Ascii: ex:3}.AOq4tb{height:56px}.kFwPee{position:relative;z-index:1;height:100%}.ydMMEb{height:56px;width:100%}.SSPGKf{overflow-y:hidden;position:absolute;bottom:0;left:0;right:0;top:0}.ecJEib .AOq4tb,.ecJEib .ydMMEb{height:64px}.e2G3Fb.EWZcud .AOq4tb,.e2G3Fb.EW
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 3a 61 63 74 69 76 65 20 2e 52 71 35 47 63 62 2c 2e 6e 7a 39 73 71 62 2e 6f 30 37 47 35 20 2e 74 58 39 75 31 62 3a 61 63 74 69 76 65 3a 68 6f 76 65 72 20 2e 52 71 35 47 63 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 64 32 65 33 30 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 6f 70 61 63 69 74 79 3a 2e 38 7d 2e 74 58 39 75 31 62 5b 64 72 61 67 67 61 62 6c 65 3d 66 61 6c 73 65 5d 7b 2d 77 65 62 6b 69 74 2d 74 6f 75 63 68 2d 63 61 6c 6c 6f 75 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 7d 2e 4d 72 45 66 4c 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 33 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 77 69 64 74 68 3a
                                                                                                              Data Ascii: :active .Rq5Gcb,.nz9sqb.o07G5 .tX9u1b:active:hover .Rq5Gcb{background-color:#2d2e30;border-color:transparent;opacity:.8}.tX9u1b[draggable=false]{-webkit-touch-callout:none;user-select:none}.MrEfLc{display:inline-block;height:53px;vertical-align:top;width:
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 73 71 62 2e 45 48 7a 63 65 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 68 75 6d 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 39 35 2c 39 39 2c 31 30 34 29 7d 2e 45 48 7a 63 65 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 2c 2e 45 48 7a 63 65 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 72 61 63 6b 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 7d 2e 6a 46 56 30 6e 7b 68 65 69 67 68 74 3a 34 30 70 78 3b 6d 61 72 67 69 6e 3a 38 70 78 3b 77 69 64 74 68 3a 34 30 70 78 7d 2e 6e 7a 39 73 71 62 20 2e 6a 46 56 30 6e 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 4f 75 6e 5a 39 63 7b 62 61 63 6b 67
                                                                                                              Data Ascii: sqb.EHzcec::-webkit-scrollbar-thumb{background-color:rgb(95,99,104)}.EHzcec::-webkit-scrollbar-track,.EHzcec::-webkit-scrollbar-track:hover{background:none;border:none}.jFV0n{height:40px;margin:8px;width:40px}.nz9sqb .jFV0n{position:relative}.OunZ9c{backg
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 34 70 78 20 32 34 70 78 20 32 34 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 30 70 78 7d 2e 75 34 52 63 55 64 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 2e 6e 7a 39 73 71 62 2e 45 48 7a 63 65 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 38 32 61 32 63 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 73 75 72 66 61 63 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 68 69 67 68 2c 23 32 38 32 61 32 63 29 7d 2e 6e 7a 39 73 71 62 2e 45 48 7a 63 65 63 20 2e 4c 56 61 6c 37 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 62 31 62 31 62 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 73 75 72 66 61 63 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 6c 6f 77 2c 23 31 62 31 62 31 62 29
                                                                                                              Data Ascii: 4px 24px 24px;margin-bottom:10px}.u4RcUd{padding-top:0}.nz9sqb.EHzcec{background:#282a2c;background:var(--gm3-sys-color-surface-container-high,#282a2c)}.nz9sqb.EHzcec .LVal7b{background:#1b1b1b;background:var(--gm3-sys-color-surface-container-low,#1b1b1b)
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 70 61 63 69 74 79 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 62 35 37 64 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 30 62 35 37 64 30 29 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 35 73 20 65 61 73 65 2d 6f 75 74 7d 2e 4e 51 56 33 6d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 34 37 37 37 35 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 75 74 6c 69 6e 65
                                                                                                              Data Ascii: top:0;left:0;width:100%;height:100%;opacity:0;border-radius:100px;background:#0b57d0;background:var(--gm3-sys-color-primary,#0b57d0);transition:opacity .5s ease-out}.NQV3m:hover{background:none;border-color:#747775;border-color:var(--gm3-sys-color-outline
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 6f 6c 6f 72 3a 23 61 38 63 37 66 61 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 61 38 63 37 66 61 29 7d 2e 45 48 7a 63 65 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 7b 77 69 64 74 68 3a 38 70 78 7d 2e 45 48 7a 63 65 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 68 75 6d 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6c 69 70 3a 70 61 64 64 69 6e 67 2d 62 6f 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 33 31 2c 33 31 2c 33 31 2c 2e 31 36 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 78 2d 73 68 61 64 6f 77 3a
                                                                                                              Data Ascii: olor:#a8c7fa;border-color:var(--gm3-sys-color-primary,#a8c7fa)}.EHzcec::-webkit-scrollbar{width:8px}.EHzcec::-webkit-scrollbar-thumb{background-clip:padding-box;background-color:rgba(31,31,31,.16);border-radius:8px;border:1px solid transparent;box-shadow:
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 3a 63 65 6e 74 65 72 3b 6c 65 66 74 3a 31 33 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 32 70 78 3b 70 61 64 64 69 6e 67 3a 32 70 78 20 33 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 31 70 78 3b 62 6f 72 64 65 72 3a 2e 35 70 78 20 73 6f 6c 69 64 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 66 38 66 61 66 64 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 73 75 72 66 61 63 65 2d 63 6f 6e 74 61 69 6e 65 72 2d 6c 6f 77 2c 23 66 38 66 61 66 64 29 7d 2e 51 67 64 64 55 63 20 2e 6b 69 62 50 36 62 3a 66 6f 63 75 73 2c 2e 51 67 64 64 55 63 20 2e 6c 48 74 53 62 64 3a 66 6f 63 75 73 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 64 65 33
                                                                                                              Data Ascii: :center;left:13px;min-width:12px;padding:2px 3px;position:absolute;top:1px;border:.5px solid;border-color:#f8fafd;border-color:var(--gm3-sys-color-surface-container-low,#f8fafd)}.QgddUc .kibP6b:focus,.QgddUc .lHtSbd:focus{border:1px solid;background:#dde3
                                                                                                              2024-05-04 18:24:48 UTC2491INData Raw: 31 31 31 2c 55 2b 30 31 32 38 2d 30 31 32 39 2c 55 2b 30 31 36 38 2d 30 31 36 39 2c 55 2b 30 31 41 30 2d 30 31 41 31 2c 55 2b 30 31 41 46 2d 30 31 42 30 2c 55 2b 30 33 30 30 2d 30 33 30 31 2c 55 2b 30 33 30 33 2d 30 33 30 34 2c 55 2b 30 33 30 38 2d 30 33 30 39 2c 55 2b 30 33 32 33 2c 55 2b 30 33 32 39 2c 55 2b 31 45 41 30 2d 31 45 46 39 2c 55 2b 32 30 41 42 3b 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 52 6f 62 6f 74 6f 27 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 6e 6f 72 6d 61 6c 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 73 72 63 3a 75 72 6c 28 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 37 47 78 4b 4f 7a 59 2e 77 6f
                                                                                                              Data Ascii: 111,U+0128-0129,U+0168-0169,U+01A0-01A1,U+01AF-01B0,U+0300-0301,U+0303-0304,U+0308-0309,U+0323,U+0329,U+1EA0-1EF9,U+20AB;}@font-face{font-family:'Roboto';font-style:normal;font-weight:400;src:url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.wo


                                                                                                              SMTP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IPCommands
                                                                                                              May 4, 2024 20:22:58.425980091 CEST58749747108.170.55.203192.168.2.4220-terminal4.veeblehosting.com ESMTP Exim 4.96.2 #2 Sat, 04 May 2024 11:22:58 -0700
                                                                                                              220-We do not authorize the use of this system to transport unsolicited,
                                                                                                              220 and/or bulk e-mail.
                                                                                                              May 4, 2024 20:22:58.427596092 CEST49747587192.168.2.4108.170.55.203EHLO 960781
                                                                                                              May 4, 2024 20:22:58.585742950 CEST58749747108.170.55.203192.168.2.4250-terminal4.veeblehosting.com Hello 960781 [81.181.54.104]
                                                                                                              250-SIZE 52428800
                                                                                                              250-8BITMIME
                                                                                                              250-PIPELINING
                                                                                                              250-PIPECONNECT
                                                                                                              250-STARTTLS
                                                                                                              250 HELP
                                                                                                              May 4, 2024 20:22:58.701276064 CEST49747587192.168.2.4108.170.55.203STARTTLS
                                                                                                              May 4, 2024 20:22:58.861298084 CEST58749747108.170.55.203192.168.2.4220 TLS go ahead

                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Target ID:0
                                                                                                              Start time:20:22:46
                                                                                                              Start date:04/05/2024
                                                                                                              Path:C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe"
                                                                                                              Imagebase:0x23638030000
                                                                                                              File size:637'340 bytes
                                                                                                              MD5 hash:EB22DF9E911F644327E4417B7E170727
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1873031135.0000023639E38000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1874267788.0000023649E02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:1
                                                                                                              Start time:20:22:51
                                                                                                              Start date:04/05/2024
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                              Wow64 process (32bit):
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
                                                                                                              Imagebase:
                                                                                                              File size:42'064 bytes
                                                                                                              MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:2
                                                                                                              Start time:20:22:51
                                                                                                              Start date:04/05/2024
                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%08)192207080962112986271363245700090061668218406782359533476819003707/
                                                                                                              Imagebase:0x7ff76e190000
                                                                                                              File size:3'242'272 bytes
                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:3
                                                                                                              Start time:20:22:51
                                                                                                              Start date:04/05/2024
                                                                                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                                                                                                              Imagebase:0xff0000
                                                                                                              File size:262'432 bytes
                                                                                                              MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2873047771.0000000003462000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2873047771.000000000343E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2871237151.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2873047771.0000000003412000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.2873047771.0000000003412000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:moderate
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:7
                                                                                                              Start time:20:22:51
                                                                                                              Start date:04/05/2024
                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2392,i,10964861050037891216,14656894280507300521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                              Imagebase:0x7ff76e190000
                                                                                                              File size:3'242'272 bytes
                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:false

                                                                                                              General

                                                                                                              Target ID:8
                                                                                                              Start time:20:22:52
                                                                                                              Start date:04/05/2024
                                                                                                              Path:C:\Windows\System32\WerFault.exe
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:C:\Windows\system32\WerFault.exe -u -p 5728 -s 1104
                                                                                                              Imagebase:0x7ff6e2120000
                                                                                                              File size:570'736 bytes
                                                                                                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high
                                                                                                              Has exited:true

                                                                                                              Disassembly

                                                                                                              Reset < >

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:16.6%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:10
                                                                                                                Total number of Limit Nodes:2
                                                                                                                execution_graph 14637 7ffd9ba2eeb8 14639 7ffd9ba2eebd 14637->14639 14638 7ffd9ba2efdb 14639->14638 14640 7ffd9ba31360 Wow64SetThreadContext 14639->14640 14641 7ffd9ba3139a 14640->14641 14632 7ffd9ba15a0a 14634 7ffd9ba15a19 14632->14634 14633 7ffd9ba159f4 14634->14633 14635 7ffd9ba15aab VirtualProtect 14634->14635 14636 7ffd9ba15af1 14635->14636

                                                                                                                Executed Functions

                                                                                                                Function 00007FFD9BA1EA21 Relevance: 3.9, Strings: 2, Instructions: 1428COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 7ffd9ba1ea21-7ffd9ba1ea5b 2 7ffd9ba1ea61-7ffd9ba1eaa6 call 7ffd9ba1db00 call 7ffd9ba19a00 0->2 3 7ffd9ba1eaec-7ffd9ba1eaff 0->3 2->3 16 7ffd9ba1eaa8-7ffd9ba1eac6 2->16 8 7ffd9ba1eb41-7ffd9ba1eb44 3->8 9 7ffd9ba1eb01-7ffd9ba1eb19 3->9 11 7ffd9ba1ebe6-7ffd9ba1ebf7 8->11 12 7ffd9ba1eb45-7ffd9ba1eb61 8->12 14 7ffd9ba1eb63-7ffd9ba1eb7a call 7ffd9ba19a00 call 7ffd9ba1a160 9->14 15 7ffd9ba1eb1b-7ffd9ba1eb3f 9->15 21 7ffd9ba1ec39-7ffd9ba1ec46 11->21 22 7ffd9ba1ebf9-7ffd9ba1ec09 11->22 12->14 14->11 30 7ffd9ba1eb7c-7ffd9ba1eb8e 14->30 15->8 16->3 19 7ffd9ba1eac8-7ffd9ba1eaeb 16->19 25 7ffd9ba1ece3-7ffd9ba1ecf1 21->25 26 7ffd9ba1ec4c-7ffd9ba1ec5f 21->26 24 7ffd9ba1ec0a 22->24 28 7ffd9ba1ec0b-7ffd9ba1ec19 24->28 37 7ffd9ba1ecf3-7ffd9ba1ecf5 25->37 38 7ffd9ba1ecf6-7ffd9ba1ed14 25->38 29 7ffd9ba1ec63-7ffd9ba1ec85 call 7ffd9ba1db00 26->29 28->29 36 7ffd9ba1ec1b-7ffd9ba1ec1e 28->36 29->25 39 7ffd9ba1ec87-7ffd9ba1ec99 29->39 30->24 40 7ffd9ba1eb90 30->40 41 7ffd9ba1ec22-7ffd9ba1ec38 36->41 37->38 46 7ffd9ba1ed15-7ffd9ba1ed19 38->46 39->46 49 7ffd9ba1ec9b 39->49 44 7ffd9ba1eb92-7ffd9ba1eb9a 40->44 45 7ffd9ba1ebd6-7ffd9ba1ebe5 40->45 41->21 44->28 50 7ffd9ba1eb9c-7ffd9ba1eba1 44->50 47 7ffd9ba1ed63-7ffd9ba1eda3 call 7ffd9ba1db00 * 2 call 7ffd9ba19a00 46->47 48 7ffd9ba1ed1b-7ffd9ba1ed46 46->48 51 7ffd9ba1ee3c-7ffd9ba1ee4f 47->51 77 7ffd9ba1eda9-7ffd9ba1eddc 47->77 48->51 52 7ffd9ba1ed4c-7ffd9ba1ed60 48->52 54 7ffd9ba1ec9d-7ffd9ba1ecbb call 7ffd9ba19da0 49->54 55 7ffd9ba1ece1-7ffd9ba1ece2 49->55 50->41 56 7ffd9ba1eba3-7ffd9ba1ebc4 call 7ffd9ba19da0 50->56 66 7ffd9ba1ee91 51->66 67 7ffd9ba1ee51-7ffd9ba1ee66 51->67 52->47 54->25 68 7ffd9ba1ecbd-7ffd9ba1ece0 54->68 56->11 64 7ffd9ba1ebc6-7ffd9ba1ebd4 56->64 64->45 71 7ffd9ba1ee92-7ffd9ba1ee99 66->71 73 7ffd9ba1ee68 67->73 74 7ffd9ba1ee9b-7ffd9ba1ee9e 67->74 68->55 71->74 78 7ffd9ba1ee6b-7ffd9ba1ee7e 73->78 75 7ffd9ba1eea0-7ffd9ba1eeb0 74->75 76 7ffd9ba1eeb2-7ffd9ba1eebe 74->76 79 7ffd9ba1eece-7ffd9ba1eed7 75->79 76->79 80 7ffd9ba1eec0-7ffd9ba1eecb 76->80 85 7ffd9ba1edde-7ffd9ba1edfa 77->85 86 7ffd9ba1ee25-7ffd9ba1ee2e 77->86 78->71 82 7ffd9ba1ee80-7ffd9ba1ee81 78->82 83 7ffd9ba1ef48-7ffd9ba1ef55 79->83 84 7ffd9ba1eed9-7ffd9ba1eedb 79->84 80->79 87 7ffd9ba1ee82-7ffd9ba1ee90 82->87 90 7ffd9ba1ef57-7ffd9ba1ef6a 83->90 89 7ffd9ba1eedd 84->89 84->90 85->78 96 7ffd9ba1edfc-7ffd9ba1ee01 85->96 88 7ffd9ba1ee30-7ffd9ba1ee3b 86->88 87->79 92 7ffd9ba1eedf-7ffd9ba1eef7 call 7ffd9ba19da0 89->92 93 7ffd9ba1ef23-7ffd9ba1ef47 89->93 94 7ffd9ba1ef71-7ffd9ba1efa3 call 7ffd9ba1db00 call 7ffd9ba19a00 90->94 95 7ffd9ba1ef6c call 7ffd9ba1db00 90->95 92->93 97 7ffd9ba1ef4d-7ffd9ba1ef6c call 7ffd9ba1db00 93->97 98 7ffd9ba1f0a9-7ffd9ba1f0da 93->98 94->98 112 7ffd9ba1efa9-7ffd9ba1eff2 94->112 95->94 96->87 101 7ffd9ba1ee03-7ffd9ba1ee1b 96->101 97->94 117 7ffd9ba1f124-7ffd9ba1f166 call 7ffd9ba1db00 * 2 call 7ffd9ba19a00 98->117 118 7ffd9ba1f0dc-7ffd9ba1f107 98->118 110 7ffd9ba1ee23 101->110 110->88 123 7ffd9ba1eff4-7ffd9ba1f026 call 7ffd9ba19da0 112->123 124 7ffd9ba1f073-7ffd9ba1f07f 112->124 120 7ffd9ba1f29e-7ffd9ba1f2f3 117->120 142 7ffd9ba1f16c-7ffd9ba1f18a 117->142 118->120 121 7ffd9ba1f10d-7ffd9ba1f123 118->121 138 7ffd9ba1f3c6-7ffd9ba1f3d1 120->138 139 7ffd9ba1f2f9-7ffd9ba1f34e call 7ffd9ba1db00 * 2 call 7ffd9ba19a00 120->139 121->117 123->98 131 7ffd9ba1f02c-7ffd9ba1f070 call 7ffd9ba1e4d0 123->131 124->98 126 7ffd9ba1f081-7ffd9ba1f0a8 124->126 131->124 148 7ffd9ba1f3d3-7ffd9ba1f3d5 138->148 149 7ffd9ba1f3d6-7ffd9ba1f41b 138->149 139->138 176 7ffd9ba1f350-7ffd9ba1f37b 139->176 142->120 145 7ffd9ba1f190-7ffd9ba1f1aa 142->145 146 7ffd9ba1f203 145->146 147 7ffd9ba1f1ac-7ffd9ba1f1af 145->147 155 7ffd9ba1f274 146->155 156 7ffd9ba1f205-7ffd9ba1f20a 146->156 151 7ffd9ba1f230-7ffd9ba1f272 call 7ffd9ba1e4d0 147->151 152 7ffd9ba1f1b1-7ffd9ba1f1ca 147->152 148->149 153 7ffd9ba1f421-7ffd9ba1f461 call 7ffd9ba1db00 call 7ffd9ba19a00 149->153 154 7ffd9ba1f4a5-7ffd9ba1f4b7 149->154 151->155 158 7ffd9ba1f1e5-7ffd9ba1f1f7 152->158 159 7ffd9ba1f1cc-7ffd9ba1f1e3 152->159 153->154 183 7ffd9ba1f463-7ffd9ba1f4a4 call 7ffd9ba1b990 153->183 172 7ffd9ba1f4f9-7ffd9ba1f56e call 7ffd9ba1a990 154->172 173 7ffd9ba1f4b9-7ffd9ba1f4f7 154->173 155->120 165 7ffd9ba1f276-7ffd9ba1f289 155->165 161 7ffd9ba1f20c-7ffd9ba1f22b call 7ffd9ba19da0 156->161 162 7ffd9ba1f28b-7ffd9ba1f29d 156->162 167 7ffd9ba1f1fb-7ffd9ba1f201 158->167 159->167 161->151 165->162 167->146 192 7ffd9ba1f669-7ffd9ba1f673 172->192 173->172 180 7ffd9ba1f37d-7ffd9ba1f38f 176->180 181 7ffd9ba1f3ba-7ffd9ba1f3c5 176->181 180->138 184 7ffd9ba1f391-7ffd9ba1f3b7 180->184 184->181 193 7ffd9ba1f573-7ffd9ba1f57e 192->193 194 7ffd9ba1f679-7ffd9ba1f67f 192->194 195 7ffd9ba1f680-7ffd9ba1f6c7 193->195 196 7ffd9ba1f584-7ffd9ba1f5cd 193->196 203 7ffd9ba1f5cf-7ffd9ba1f5e8 196->203 204 7ffd9ba1f5ea-7ffd9ba1f5ec 196->204 205 7ffd9ba1f5ef-7ffd9ba1f5fc 203->205 204->205 207 7ffd9ba1f5fe-7ffd9ba1f65c call 7ffd9ba1c2a0 205->207 208 7ffd9ba1f661-7ffd9ba1f666 205->208 207->208 208->192
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: OL_H$IL
                                                                                                                • API String ID: 0-1334695725
                                                                                                                • Opcode ID: 4723c245a764de1a40029fb23c0047ba7fe8d8d82b53abb71ff950fc04a83f5b
                                                                                                                • Instruction ID: 4591d7e668fdc487ea00f6f1c3f8885d6a8670d540e3cebf7f4f0e1fc630b975
                                                                                                                • Opcode Fuzzy Hash: 4723c245a764de1a40029fb23c0047ba7fe8d8d82b53abb71ff950fc04a83f5b
                                                                                                                • Instruction Fuzzy Hash: AFA2463060DB8A4FE7A9DB28C4A44B5B7E1FF95300B1445BED48AC72B6DE39E946C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA14258 Relevance: 2.0, Strings: 1, Instructions: 729COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 690 7ffd9ba14258-7ffd9ba170a1 call 7ffd9ba16f60 696 7ffd9ba170c4-7ffd9ba170d3 690->696 697 7ffd9ba170a3-7ffd9ba170b9 call 7ffd9ba16f60 call 7ffd9ba16fb0 696->697 698 7ffd9ba170d5-7ffd9ba170ef call 7ffd9ba16f60 call 7ffd9ba16fb0 696->698 707 7ffd9ba170f0-7ffd9ba17140 697->707 708 7ffd9ba170bb-7ffd9ba170c2 697->708 712 7ffd9ba17142-7ffd9ba17147 call 7ffd9ba16708 707->712 713 7ffd9ba1714c-7ffd9ba17183 707->713 708->696 712->713 716 7ffd9ba1737f-7ffd9ba173e9 713->716 717 7ffd9ba17189-7ffd9ba17194 713->717 748 7ffd9ba17406-7ffd9ba17425 716->748 749 7ffd9ba173eb-7ffd9ba173f1 716->749 718 7ffd9ba17196-7ffd9ba171a4 717->718 719 7ffd9ba17208-7ffd9ba1720d 717->719 718->716 721 7ffd9ba171aa-7ffd9ba171b9 718->721 722 7ffd9ba1720f-7ffd9ba1721b 719->722 723 7ffd9ba17280-7ffd9ba1728a 719->723 725 7ffd9ba171ed-7ffd9ba171f8 721->725 726 7ffd9ba171bb-7ffd9ba171eb 721->726 722->716 729 7ffd9ba17221-7ffd9ba17234 722->729 727 7ffd9ba172ac-7ffd9ba172b4 723->727 728 7ffd9ba1728c-7ffd9ba17299 call 7ffd9ba16728 723->728 725->716 731 7ffd9ba171fe-7ffd9ba17206 725->731 726->725 734 7ffd9ba17239-7ffd9ba1723c 726->734 732 7ffd9ba172b7-7ffd9ba172c2 727->732 743 7ffd9ba1729e-7ffd9ba172aa 728->743 729->732 731->718 731->719 732->716 736 7ffd9ba172c8-7ffd9ba172d8 732->736 737 7ffd9ba1723e-7ffd9ba1724e 734->737 738 7ffd9ba17252-7ffd9ba1725a 734->738 736->716 741 7ffd9ba172de-7ffd9ba172eb 736->741 737->738 738->716 742 7ffd9ba17260-7ffd9ba1727f 738->742 741->716 744 7ffd9ba172f1-7ffd9ba17311 741->744 743->727 744->716 751 7ffd9ba17313-7ffd9ba17322 744->751 752 7ffd9ba17431-7ffd9ba17458 748->752 749->752 753 7ffd9ba173f3-7ffd9ba17404 749->753 755 7ffd9ba1736d-7ffd9ba1737e 751->755 756 7ffd9ba17324-7ffd9ba1732f 751->756 762 7ffd9ba17459-7ffd9ba17485 752->762 753->748 753->749 756->755 761 7ffd9ba17331-7ffd9ba17368 call 7ffd9ba16728 756->761 761->755 766 7ffd9ba17487-7ffd9ba17497 762->766 767 7ffd9ba17499-7ffd9ba174a6 762->767 766->766 766->767 767->762 769 7ffd9ba174a8-7ffd9ba174d1 767->769 773 7ffd9ba174d3-7ffd9ba174d9 769->773 774 7ffd9ba17528-7ffd9ba1752f 769->774 773->774 775 7ffd9ba174db-7ffd9ba174dc 773->775 776 7ffd9ba17531-7ffd9ba17532 774->776 777 7ffd9ba17572-7ffd9ba1759b 774->777 778 7ffd9ba174df-7ffd9ba174e2 775->778 779 7ffd9ba17535-7ffd9ba17538 776->779 781 7ffd9ba174e8-7ffd9ba174f5 778->781 782 7ffd9ba1759c-7ffd9ba175b1 778->782 779->782 783 7ffd9ba1753a-7ffd9ba1754b 779->783 784 7ffd9ba17521-7ffd9ba17526 781->784 785 7ffd9ba174f7-7ffd9ba1751e 781->785 792 7ffd9ba175b3-7ffd9ba175ba 782->792 793 7ffd9ba175bb-7ffd9ba17641 782->793 786 7ffd9ba1754d-7ffd9ba17553 783->786 787 7ffd9ba17569-7ffd9ba17570 783->787 784->774 784->778 785->784 786->782 791 7ffd9ba17555-7ffd9ba17565 786->791 787->777 787->779 791->787 792->793
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: d
                                                                                                                • API String ID: 0-2564639436
                                                                                                                • Opcode ID: 0af32984547750652ea31e8e3d74892b531b3a50ec954a15cc50a28511f4ba76
                                                                                                                • Instruction ID: ecc36a50abb934a7474bb6cd7d9a8bd86f086cb0def160ec25fe71585aa2995e
                                                                                                                • Opcode Fuzzy Hash: 0af32984547750652ea31e8e3d74892b531b3a50ec954a15cc50a28511f4ba76
                                                                                                                • Instruction Fuzzy Hash: 03227670B0EA4A0FE7A9DB6884A15B177D1EF55310B1511BAD89EC71A7DE28FC43C381
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA215A9 Relevance: 1.7, Instructions: 1669COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f4507001823eb974c83129054fdcbb43dbfb079f5ee91e7cdd29a3356166264f
                                                                                                                • Instruction ID: 2c7d2441e8411e7b2a6f82d5630890b775fe989fda2d3875ee850a3317160161
                                                                                                                • Opcode Fuzzy Hash: f4507001823eb974c83129054fdcbb43dbfb079f5ee91e7cdd29a3356166264f
                                                                                                                • Instruction Fuzzy Hash: D5B2563060DB894FE769DB28C4A14B5B7E2FF95301B0446BED4CAC72A6DE34E946C781
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA22C5A Relevance: 1.1, Instructions: 1101COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 456c684bb4457e0e0f19aa32670912f22968c5d06e8f751acf88a150de5512c2
                                                                                                                • Instruction ID: addc8861b25e811dd37965c166616defdfc815d6485b4e3848b0530a54a27da9
                                                                                                                • Opcode Fuzzy Hash: 456c684bb4457e0e0f19aa32670912f22968c5d06e8f751acf88a150de5512c2
                                                                                                                • Instruction Fuzzy Hash: 02729B31B0DB4E4FE369DB28C4615B577E1FF95310B1046BED48AC72A2DE28E946C781
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA1FEBA Relevance: .9, Instructions: 861COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 2060 7ffd9ba1feba-7ffd9ba1fec9 2061 7ffd9ba1fee2 2060->2061 2062 7ffd9ba1fecb-7ffd9ba1fee0 2060->2062 2063 7ffd9ba1fee4-7ffd9ba1fee9 2061->2063 2062->2063 2065 7ffd9ba1feef-7ffd9ba1fefe 2063->2065 2066 7ffd9ba1ffe6-7ffd9ba20006 2063->2066 2070 7ffd9ba1ff00-7ffd9ba1ff06 2065->2070 2071 7ffd9ba1ff08-7ffd9ba1ff09 2065->2071 2068 7ffd9ba20057-7ffd9ba20062 2066->2068 2072 7ffd9ba20064-7ffd9ba20073 2068->2072 2073 7ffd9ba20008-7ffd9ba2000e 2068->2073 2076 7ffd9ba1ff0b-7ffd9ba1ff2e 2070->2076 2071->2076 2079 7ffd9ba20075-7ffd9ba20087 2072->2079 2080 7ffd9ba20089 2072->2080 2074 7ffd9ba204d2-7ffd9ba204db 2073->2074 2075 7ffd9ba20014-7ffd9ba20035 call 7ffd9ba1bb38 2073->2075 2085 7ffd9ba204dc-7ffd9ba204ea 2074->2085 2094 7ffd9ba2003a-7ffd9ba20054 2075->2094 2083 7ffd9ba1ff83-7ffd9ba1ff8e 2076->2083 2084 7ffd9ba2008b-7ffd9ba20090 2079->2084 2080->2084 2086 7ffd9ba1ff30-7ffd9ba1ff36 2083->2086 2087 7ffd9ba1ff90-7ffd9ba1ffa7 2083->2087 2090 7ffd9ba20096-7ffd9ba200b8 call 7ffd9ba1bb38 2084->2090 2091 7ffd9ba2011c-7ffd9ba20130 2084->2091 2092 7ffd9ba20534-7ffd9ba20561 call 7ffd9ba16b98 2085->2092 2093 7ffd9ba204ec-7ffd9ba20527 call 7ffd9ba1b4b0 2085->2093 2086->2074 2089 7ffd9ba1ff3c-7ffd9ba1ff80 call 7ffd9ba1bb38 2086->2089 2104 7ffd9ba1ffd6-7ffd9ba1ffe1 call 7ffd9ba1b578 2087->2104 2105 7ffd9ba1ffa9-7ffd9ba1ffcf call 7ffd9ba1bb38 2087->2105 2089->2083 2125 7ffd9ba200e6-7ffd9ba200e7 2090->2125 2126 7ffd9ba200ba-7ffd9ba200e4 2090->2126 2095 7ffd9ba20180-7ffd9ba2018f 2091->2095 2096 7ffd9ba20132-7ffd9ba20138 2091->2096 2140 7ffd9ba20563-7ffd9ba2056b 2092->2140 2141 7ffd9ba2056c-7ffd9ba2056f 2092->2141 2146 7ffd9ba20571-7ffd9ba2057b 2093->2146 2147 7ffd9ba20529-7ffd9ba20532 2093->2147 2094->2068 2114 7ffd9ba20191-7ffd9ba2019a 2095->2114 2115 7ffd9ba2019c 2095->2115 2100 7ffd9ba20157-7ffd9ba2016f 2096->2100 2101 7ffd9ba2013a-7ffd9ba20155 2096->2101 2121 7ffd9ba20178-7ffd9ba2017b 2100->2121 2101->2100 2104->2091 2105->2104 2123 7ffd9ba2019e-7ffd9ba201a3 2114->2123 2115->2123 2127 7ffd9ba20328-7ffd9ba2033d 2121->2127 2130 7ffd9ba204af-7ffd9ba204b0 2123->2130 2131 7ffd9ba201a9-7ffd9ba201ac 2123->2131 2129 7ffd9ba200e9-7ffd9ba200f0 2125->2129 2126->2129 2142 7ffd9ba2037d 2127->2142 2143 7ffd9ba2033f-7ffd9ba2037b 2127->2143 2129->2091 2137 7ffd9ba200f2-7ffd9ba20117 call 7ffd9ba1bb60 2129->2137 2144 7ffd9ba204b3-7ffd9ba204ba 2130->2144 2138 7ffd9ba201ae-7ffd9ba201cb call 7ffd9ba102e8 2131->2138 2139 7ffd9ba201f4 2131->2139 2167 7ffd9ba2049e-7ffd9ba204ae 2137->2167 2138->2139 2186 7ffd9ba201cd-7ffd9ba201f2 2138->2186 2154 7ffd9ba201f6-7ffd9ba201fb 2139->2154 2140->2141 2141->2146 2148 7ffd9ba2037f-7ffd9ba20384 2142->2148 2143->2148 2144->2085 2164 7ffd9ba204bc-7ffd9ba204c2 2144->2164 2151 7ffd9ba2057d-7ffd9ba20585 2146->2151 2152 7ffd9ba20586-7ffd9ba20597 2146->2152 2147->2092 2156 7ffd9ba203f4-7ffd9ba20408 2148->2156 2157 7ffd9ba20386-7ffd9ba203dd call 7ffd9ba16ad0 2148->2157 2151->2152 2160 7ffd9ba205a2-7ffd9ba205dd 2152->2160 2161 7ffd9ba20599-7ffd9ba205a1 2152->2161 2162 7ffd9ba20201-7ffd9ba2020d 2154->2162 2163 7ffd9ba202fc-7ffd9ba2031f 2154->2163 2168 7ffd9ba20457-7ffd9ba20463 call 7ffd9ba19a00 2156->2168 2169 7ffd9ba2040a-7ffd9ba20435 call 7ffd9ba16ad0 2156->2169 2213 7ffd9ba2044e-7ffd9ba20454 2157->2213 2214 7ffd9ba203df-7ffd9ba203e3 2157->2214 2179 7ffd9ba205e4-7ffd9ba205ef 2160->2179 2180 7ffd9ba205df call 7ffd9ba1db00 2160->2180 2161->2160 2162->2074 2172 7ffd9ba20213-7ffd9ba20222 2162->2172 2177 7ffd9ba20325-7ffd9ba20326 2163->2177 2173 7ffd9ba204c3-7ffd9ba204cb 2164->2173 2185 7ffd9ba20464-7ffd9ba2047c 2168->2185 2193 7ffd9ba2043a-7ffd9ba20442 2169->2193 2174 7ffd9ba20224-7ffd9ba20233 2172->2174 2175 7ffd9ba20235-7ffd9ba20242 call 7ffd9ba102e8 2172->2175 2173->2074 2194 7ffd9ba20248-7ffd9ba2024e 2174->2194 2175->2194 2177->2127 2195 7ffd9ba20601 2179->2195 2196 7ffd9ba205f1-7ffd9ba205ff 2179->2196 2180->2179 2185->2074 2191 7ffd9ba2047e-7ffd9ba2048e 2185->2191 2186->2154 2198 7ffd9ba20490-7ffd9ba2049b 2191->2198 2193->2144 2200 7ffd9ba20444-7ffd9ba20447 2193->2200 2202 7ffd9ba20250-7ffd9ba2027d 2194->2202 2203 7ffd9ba20283-7ffd9ba20288 2194->2203 2201 7ffd9ba20603-7ffd9ba20608 2195->2201 2196->2201 2198->2167 2200->2173 2205 7ffd9ba20449 2200->2205 2206 7ffd9ba2061f-7ffd9ba20627 call 7ffd9ba16ae8 2201->2206 2207 7ffd9ba2060a-7ffd9ba2061d call 7ffd9ba142c0 2201->2207 2202->2203 2203->2074 2210 7ffd9ba2028e-7ffd9ba202ae 2203->2210 2205->2198 2211 7ffd9ba2044b 2205->2211 2220 7ffd9ba2062c-7ffd9ba20633 2206->2220 2207->2220 2221 7ffd9ba202b0-7ffd9ba202bf 2210->2221 2222 7ffd9ba202c2-7ffd9ba202f2 call 7ffd9ba1b180 2210->2222 2211->2213 2213->2168 2214->2185 2219 7ffd9ba203e5-7ffd9ba203ef 2214->2219 2219->2156 2221->2222 2226 7ffd9ba202f7-7ffd9ba202fa 2222->2226 2226->2127
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5eee5efc98a8501cf7ae91e0af69ce0e624f0b3ce8374edee4ed28fbcbcc0be4
                                                                                                                • Instruction ID: 72042b3a87e7bfa31808f0e1f1acb155bfd82937f6b9809d48dde3f00b02d301
                                                                                                                • Opcode Fuzzy Hash: 5eee5efc98a8501cf7ae91e0af69ce0e624f0b3ce8374edee4ed28fbcbcc0be4
                                                                                                                • Instruction Fuzzy Hash: E942F330B0DA0D8FDBB8DB688465A7977E1FF59700B1501BEE48EC72A2CE24ED428745
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA27268 Relevance: .8, Instructions: 839COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 2227 7ffd9ba27268-7ffd9ba2fa2e 2232 7ffd9ba2fa30-7ffd9ba2fa36 2227->2232 2233 7ffd9ba2fa4b-7ffd9ba2fa5c 2227->2233 2234 7ffd9ba2fa91-7ffd9ba2fb0a 2232->2234 2235 7ffd9ba2fa38-7ffd9ba2fa49 2232->2235 2236 7ffd9ba2fa6d-7ffd9ba2fa90 2233->2236 2237 7ffd9ba2fa5e-7ffd9ba2fa69 2233->2237 2246 7ffd9ba2fb1e-7ffd9ba2fb71 2234->2246 2247 7ffd9ba2fb0c-7ffd9ba2fb1c 2234->2247 2235->2232 2235->2233 2237->2236 2252 7ffd9ba2fb73-7ffd9ba2fb79 2246->2252 2253 7ffd9ba2fbc7-7ffd9ba2fbce 2246->2253 2247->2246 2247->2247 2252->2253 2256 7ffd9ba2fb7b-7ffd9ba2fb7c 2252->2256 2254 7ffd9ba2fc0f-7ffd9ba2fc38 2253->2254 2255 7ffd9ba2fbd0-7ffd9ba2fbd1 2253->2255 2258 7ffd9ba2fbd4-7ffd9ba2fbd7 2255->2258 2257 7ffd9ba2fb7f-7ffd9ba2fb82 2256->2257 2259 7ffd9ba2fb88-7ffd9ba2fb98 2257->2259 2260 7ffd9ba2fc39-7ffd9ba2fcb9 call 7ffd9ba1ad08 2257->2260 2258->2260 2261 7ffd9ba2fbd9-7ffd9ba2fbea 2258->2261 2263 7ffd9ba2fbc0-7ffd9ba2fbc5 2259->2263 2264 7ffd9ba2fb9a-7ffd9ba2fbbc 2259->2264 2274 7ffd9ba2fcd8 2260->2274 2275 7ffd9ba2fcbb-7ffd9ba2fcd6 call 7ffd9ba1ad08 2260->2275 2265 7ffd9ba2fc06-7ffd9ba2fc0d 2261->2265 2266 7ffd9ba2fbec-7ffd9ba2fbf2 2261->2266 2263->2253 2263->2257 2264->2263 2265->2254 2265->2258 2266->2260 2269 7ffd9ba2fbf4-7ffd9ba2fc02 2266->2269 2269->2265 2277 7ffd9ba2fcda-7ffd9ba2fce9 2274->2277 2275->2277 2279 7ffd9ba2fd00-7ffd9ba2fd10 call 7ffd9ba1ad08 2277->2279 2280 7ffd9ba2fceb-7ffd9ba2fcfe call 7ffd9ba1ad08 2277->2280 2285 7ffd9ba2fd13-7ffd9ba2fd1b 2279->2285 2280->2285 2286 7ffd9ba2fd1d-7ffd9ba2fd1f 2285->2286 2287 7ffd9ba2fd21 2285->2287 2288 7ffd9ba2fd23-7ffd9ba2fd29 2286->2288 2287->2288 2289 7ffd9ba2fd2b-7ffd9ba2fd39 call 7ffd9ba1ad28 2288->2289 2290 7ffd9ba2fd5a-7ffd9ba2fd69 call 7ffd9ba1ad88 2288->2290 2295 7ffd9ba2fd70-7ffd9ba2fd78 2289->2295 2296 7ffd9ba2fd3b-7ffd9ba2fd3e 2289->2296 2290->2295 2297 7ffd9ba2fd43-7ffd9ba2fd7b call 7ffd9ba1adb0 call 7ffd9ba1ad40 2295->2297 2296->2297 2303 7ffd9ba2fd7d-7ffd9ba2fd8f call 7ffd9ba1ada8 2297->2303 2306 7ffd9ba30060-7ffd9ba3006f call 7ffd9ba1ad88 2303->2306 2307 7ffd9ba2fd95-7ffd9ba2fda9 call 7ffd9ba1ada0 2303->2307 2314 7ffd9ba30076-7ffd9ba30085 call 7ffd9ba1ad88 2306->2314 2312 7ffd9ba2fdaf-7ffd9ba2fdcd call 7ffd9ba1ad28 2307->2312 2313 7ffd9ba30110-7ffd9ba30114 2307->2313 2319 7ffd9ba2fdd3-7ffd9ba2fde4 2312->2319 2320 7ffd9ba30119 2312->2320 2323 7ffd9ba3008c-7ffd9ba3009b call 7ffd9ba1ad88 2314->2323 2321 7ffd9ba300fa-7ffd9ba30109 call 7ffd9ba1ad88 2319->2321 2322 7ffd9ba2fdea-7ffd9ba2fded 2319->2322 2326 7ffd9ba30123 2320->2326 2321->2313 2322->2321 2325 7ffd9ba2fdf3-7ffd9ba2fe08 call 7ffd9ba2eff8 2322->2325 2336 7ffd9ba300a2-7ffd9ba300b1 call 7ffd9ba1ad88 2323->2336 2325->2326 2333 7ffd9ba2fe0e-7ffd9ba2fe16 2325->2333 2330 7ffd9ba3012b 2326->2330 2335 7ffd9ba30133 2330->2335 2333->2330 2334 7ffd9ba2fe1c-7ffd9ba2fe24 2333->2334 2334->2335 2337 7ffd9ba2fe2a-7ffd9ba2fe38 2334->2337 2340 7ffd9ba3013c 2335->2340 2345 7ffd9ba300b8-7ffd9ba300c7 call 7ffd9ba1ad88 2336->2345 2339 7ffd9ba2fe3e-7ffd9ba2fe6b call 7ffd9ba1ad98 call 7ffd9ba1ad90 2337->2339 2337->2340 2351 7ffd9ba300e4-7ffd9ba300ed call 7ffd9ba1ad88 2339->2351 2352 7ffd9ba2fe71-7ffd9ba2fe79 2339->2352 2344 7ffd9ba30144-7ffd9ba30145 2340->2344 2349 7ffd9ba30150 2344->2349 2353 7ffd9ba300ce-7ffd9ba300dd call 7ffd9ba1ad88 2345->2353 2356 7ffd9ba3015b-7ffd9ba30170 call 7ffd9ba1ad70 2349->2356 2358 7ffd9ba300f2-7ffd9ba300f3 2351->2358 2352->2344 2355 7ffd9ba2fe7f-7ffd9ba2fe92 2352->2355 2353->2351 2359 7ffd9ba2fe94-7ffd9ba2fee4 call 7ffd9ba1ad08 call 7ffd9ba2f008 2355->2359 2360 7ffd9ba2ff0a-7ffd9ba2ff1b call 7ffd9ba1ad80 2355->2360 2356->2336 2368 7ffd9ba30176 2356->2368 2358->2321 2359->2353 2375 7ffd9ba2feea-7ffd9ba2ff08 2359->2375 2360->2349 2369 7ffd9ba2ff21-7ffd9ba2ff33 2360->2369 2371 7ffd9ba3017b-7ffd9ba30183 2368->2371 2369->2356 2372 7ffd9ba2ff39-7ffd9ba2ff4e call 7ffd9ba1ad78 2369->2372 2376 7ffd9ba3018c-7ffd9ba301a1 2371->2376 2372->2345 2378 7ffd9ba2ff54-7ffd9ba2ff8d call 7ffd9ba1ad68 2372->2378 2375->2359 2375->2360 2379 7ffd9ba301a8-7ffd9ba301b9 call 7ffd9ba1ad58 2376->2379 2378->2371 2384 7ffd9ba2ff93-7ffd9ba2ffbb call 7ffd9ba2f018 2378->2384 2385 7ffd9ba301bf 2379->2385 2386 7ffd9ba3004a-7ffd9ba30059 call 7ffd9ba1ad88 2379->2386 2384->2323 2392 7ffd9ba2ffc1-7ffd9ba2ffc9 2384->2392 2390 7ffd9ba301c4 2385->2390 2386->2306 2394 7ffd9ba301ce-7ffd9ba301e2 2390->2394 2392->2376 2393 7ffd9ba2ffcf-7ffd9ba2ffee 2392->2393 2393->2379 2395 7ffd9ba2fff4-7ffd9ba2fffe call 7ffd9ba1ad60 2393->2395 2397 7ffd9ba30003-7ffd9ba30005 2395->2397 2397->2314 2398 7ffd9ba30007-7ffd9ba30022 call 7ffd9ba1ad50 call 7ffd9ba1ad28 2397->2398 2398->2390 2403 7ffd9ba30028-7ffd9ba3003f 2398->2403 2403->2303 2404 7ffd9ba30045 2403->2404 2404->2394
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 80924be1cc119889d84500a13619d0ca80648b96ba544cc8508e1e91fbbef0aa
                                                                                                                • Instruction ID: 27136ce27f5e8ee5813a9f2b29650417660b0b3605c6417d255f9c7baa41df74
                                                                                                                • Opcode Fuzzy Hash: 80924be1cc119889d84500a13619d0ca80648b96ba544cc8508e1e91fbbef0aa
                                                                                                                • Instruction Fuzzy Hash: 8842BF30B19A4E4FEBA8EB58C4626B973E1FF55300F114179D85EC72E6DE78B9428B40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA1E599 Relevance: .5, Instructions: 506COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e2d36233b7013ab69e0a316396c1ecea29326220876a10d7caf3028c0adeb99b
                                                                                                                • Instruction ID: cba8dfd26aad31d73aff1afdd9910b63cca7da005995324145b1421d8b061fbd
                                                                                                                • Opcode Fuzzy Hash: e2d36233b7013ab69e0a316396c1ecea29326220876a10d7caf3028c0adeb99b
                                                                                                                • Instruction Fuzzy Hash: C6E17A3160DB9A0FE3A9CB6884A51B5B7E2FF90301B15467ED4C6C72B1DE78A942C781
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA16C8C Relevance: .2, Instructions: 244COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 76c9e2d1993a4fe3d645e5438a4daf3e181bf9817267d19f75866a4ec55799ff
                                                                                                                • Instruction ID: dfddbcb348c5597835c66243373c7a0af544584af68d25c9f933f007fa579123
                                                                                                                • Opcode Fuzzy Hash: 76c9e2d1993a4fe3d645e5438a4daf3e181bf9817267d19f75866a4ec55799ff
                                                                                                                • Instruction Fuzzy Hash: DD61C53171DA4D4FD768EB6898654B9B3E1FF95310B01157EE48BC3292DE24E9428682
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA2774B Relevance: .2, Instructions: 170COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 526e8db5e62a9c24f80b184971160b1560b8ce71588d87aac88bf35b08cd1d82
                                                                                                                • Instruction ID: 8064adc055cedaf3a40cb5feb32fd8786d0504e47c017e3825528571ab7f7884
                                                                                                                • Opcode Fuzzy Hash: 526e8db5e62a9c24f80b184971160b1560b8ce71588d87aac88bf35b08cd1d82
                                                                                                                • Instruction Fuzzy Hash: A9417A3260D28D0FD71D9B3888661B57B95EB92220B16C2BFD4CBC71A7DD6469478381
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BAF026B Relevance: 2.3, Strings: 1, Instructions: 1025COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 481 7ffd9baf026b-7ffd9baf026d 482 7ffd9baf03b1-7ffd9baf03b7 481->482 483 7ffd9baf026e-7ffd9baf027c 481->483 486 7ffd9baf03b9-7ffd9baf03c8 482->486 485 7ffd9baf0284-7ffd9baf0286 483->485 487 7ffd9baf02f7-7ffd9baf0306 485->487 488 7ffd9baf0288-7ffd9baf0289 485->488 490 7ffd9baf03c9-7ffd9baf0427 486->490 489 7ffd9baf0307-7ffd9baf0309 487->489 491 7ffd9baf028b 488->491 492 7ffd9baf024f-7ffd9baf026a 488->492 489->482 493 7ffd9baf030a-7ffd9baf0348 489->493 506 7ffd9baf045c-7ffd9baf0474 490->506 507 7ffd9baf0429-7ffd9baf0440 490->507 491->489 496 7ffd9baf028d 491->496 492->481 493->486 518 7ffd9baf034a-7ffd9baf034d 493->518 498 7ffd9baf02d4 496->498 499 7ffd9baf028f-7ffd9baf02a0 496->499 498->482 500 7ffd9baf02da-7ffd9baf02f5 498->500 503 7ffd9baf0233-7ffd9baf024e 499->503 504 7ffd9baf02a2-7ffd9baf02b8 499->504 500->487 503->492 504->482 508 7ffd9baf02be-7ffd9baf02d1 504->508 509 7ffd9baf04b1-7ffd9baf04d0 507->509 510 7ffd9baf0442-7ffd9baf045a 507->510 508->498 513 7ffd9baf04d1-7ffd9baf04e7 509->513 510->506 510->513 521 7ffd9baf051c-7ffd9baf0534 513->521 522 7ffd9baf04e9-7ffd9baf0500 513->522 518->490 520 7ffd9baf034f 518->520 523 7ffd9baf0396-7ffd9baf03b0 520->523 524 7ffd9baf0351-7ffd9baf035f 520->524 525 7ffd9baf0571-7ffd9baf0590 522->525 526 7ffd9baf0502-7ffd9baf051a 522->526 524->523 531 7ffd9baf0597-7ffd9baf05a7 525->531 532 7ffd9baf0592-7ffd9baf0595 525->532 526->521 535 7ffd9baf05dc-7ffd9baf05f4 531->535 536 7ffd9baf05a9-7ffd9baf05c0 531->536 532->531 538 7ffd9baf0631-7ffd9baf0668 536->538 539 7ffd9baf05c2-7ffd9baf05da 536->539 544 7ffd9baf066a-7ffd9baf067a 538->544 545 7ffd9baf069d-7ffd9baf06a8 538->545 539->535 546 7ffd9baf06eb-7ffd9baf06f9 544->546 547 7ffd9baf067c-7ffd9baf067e 544->547 552 7ffd9baf06bc-7ffd9baf06c5 545->552 553 7ffd9baf06aa-7ffd9baf06b9 545->553 550 7ffd9baf06fa-7ffd9baf073c 546->550 547->550 551 7ffd9baf0680 547->551 560 7ffd9baf0786-7ffd9baf078b 550->560 561 7ffd9baf073e-7ffd9baf0772 550->561 554 7ffd9baf06c6-7ffd9baf06c7 551->554 556 7ffd9baf0682-7ffd9baf069c 551->556 552->554 553->552 556->545 563 7ffd9baf0a42-7ffd9baf0a56 560->563 564 7ffd9baf078c-7ffd9baf079e 560->564 562 7ffd9baf0778-7ffd9baf0781 561->562 561->563 565 7ffd9baf0783-7ffd9baf0785 562->565 570 7ffd9baf0a57-7ffd9baf0ab7 563->570 566 7ffd9baf079f-7ffd9baf07bd 564->566 565->560 566->563 569 7ffd9baf07c3-7ffd9baf07d6 566->569 574 7ffd9baf0847-7ffd9baf0856 569->574 575 7ffd9baf07d8-7ffd9baf07d9 569->575 576 7ffd9baf0aec-7ffd9baf0b04 570->576 577 7ffd9baf0ab9-7ffd9baf0ad0 570->577 582 7ffd9baf0857-7ffd9baf0859 574->582 575->566 578 7ffd9baf07db 575->578 579 7ffd9baf0b41-7ffd9baf0b77 576->579 577->579 580 7ffd9baf0ad2-7ffd9baf0aeb 577->580 578->582 583 7ffd9baf07dd 578->583 590 7ffd9baf0bac-7ffd9baf0bc4 579->590 591 7ffd9baf0b79-7ffd9baf0b90 579->591 580->576 582->563 586 7ffd9baf085a-7ffd9baf0872 582->586 587 7ffd9baf0824 583->587 588 7ffd9baf07df-7ffd9baf07f0 583->588 602 7ffd9baf08e3-7ffd9baf08f0 586->602 603 7ffd9baf0874-7ffd9baf0877 586->603 587->563 593 7ffd9baf082a-7ffd9baf0845 587->593 588->565 599 7ffd9baf07f2-7ffd9baf0808 588->599 594 7ffd9baf0c01-7ffd9baf0c50 591->594 595 7ffd9baf0b92-7ffd9baf0bab 591->595 593->574 617 7ffd9baf0cc1-7ffd9baf0cfe 594->617 618 7ffd9baf0c52-7ffd9baf0c84 594->618 595->590 599->563 606 7ffd9baf080e-7ffd9baf0821 599->606 605 7ffd9baf08f3 602->605 604 7ffd9baf0879 603->604 603->605 610 7ffd9baf087b-7ffd9baf08a2 604->610 611 7ffd9baf08c0 604->611 605->563 613 7ffd9baf08f9-7ffd9baf090c 605->613 606->587 610->563 614 7ffd9baf08a8-7ffd9baf08be 610->614 615 7ffd9baf08c3-7ffd9baf08e1 611->615 616 7ffd9baf08c2 611->616 625 7ffd9baf097d-7ffd9baf0990 613->625 626 7ffd9baf090e-7ffd9baf0912 613->626 614->563 614->611 615->602 616->615 627 7ffd9baf0993 625->627 626->627 629 7ffd9baf0914 626->629 627->563 630 7ffd9baf0999-7ffd9baf09b5 627->630 632 7ffd9baf0974-7ffd9baf097b 629->632 635 7ffd9baf09b7-7ffd9baf09cc 630->635 636 7ffd9baf09d2-7ffd9baf09e6 630->636 632->625 635->636 636->570 637 7ffd9baf09e8-7ffd9baf09ed 636->637 637->632 639 7ffd9baf09ef 637->639 639->563
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877773351.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9baf0000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: A
                                                                                                                • API String ID: 0-3554254475
                                                                                                                • Opcode ID: 7fcee945511583ebf826d4728be0b834d5d4c2a5278d62cf73931a8c6c56efee
                                                                                                                • Instruction ID: 8f535752fdddb0994b396b0f4866530627d5f53c0ddd0b0cbae226b55943240b
                                                                                                                • Opcode Fuzzy Hash: 7fcee945511583ebf826d4728be0b834d5d4c2a5278d62cf73931a8c6c56efee
                                                                                                                • Instruction Fuzzy Hash: 6E627972B0EB894FE776DB6888655E47FE0FF51700F0901FED089CB0A2DAA46906C785
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA2EEB8 Relevance: 2.1, APIs: 1, Instructions: 558COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 640 7ffd9ba2eeb8-7ffd9ba2efd9 664 7ffd9ba2f02f-7ffd9ba2f090 640->664 665 7ffd9ba2efdb-7ffd9ba2f016 640->665 679 7ffd9ba2f092-7ffd9ba2f0b7 664->679 680 7ffd9ba2f0b9-7ffd9ba31398 Wow64SetThreadContext 664->680 679->680 688 7ffd9ba313a0-7ffd9ba313c7 680->688 689 7ffd9ba3139a 680->689 689->688
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1134d2e0ad5af7f67a2614f17cbd2144bd08b9a40043db140a1a5ad70b5c922f
                                                                                                                • Instruction ID: 331ee361282ad83f0180419135ab44370a862c021bf73dd671eaac171faa7752
                                                                                                                • Opcode Fuzzy Hash: 1134d2e0ad5af7f67a2614f17cbd2144bd08b9a40043db140a1a5ad70b5c922f
                                                                                                                • Instruction Fuzzy Hash: 98D18123B0F6CA0FE716EB6C68B15E53FA0EF52214B0941FBD0C9870E7E9166949C351
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BA15A0A Relevance: 1.7, APIs: 1, Instructions: 153memoryCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1264 7ffd9ba15a0a-7ffd9ba15a17 1265 7ffd9ba15a22-7ffd9ba15a33 1264->1265 1266 7ffd9ba15a19-7ffd9ba15a21 1264->1266 1267 7ffd9ba15a3e-7ffd9ba15a49 1265->1267 1268 7ffd9ba15a35-7ffd9ba15a3d 1265->1268 1266->1265 1269 7ffd9ba159f4-7ffd9ba15a06 1267->1269 1270 7ffd9ba15a4b-7ffd9ba15aef VirtualProtect 1267->1270 1268->1267 1275 7ffd9ba15af1 1270->1275 1276 7ffd9ba15af7-7ffd9ba15b1f 1270->1276 1275->1276
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877433442.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9ba10000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ProtectVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 544645111-0
                                                                                                                • Opcode ID: 786f75d35f282c76dbf6974c2a4ecdd7008322adcfd2c44787c8e3e444fd7855
                                                                                                                • Instruction ID: 585fa27d193824ccb88949e0fb25b4605f62913d1bec2e3c6362341f6de9653d
                                                                                                                • Opcode Fuzzy Hash: 786f75d35f282c76dbf6974c2a4ecdd7008322adcfd2c44787c8e3e444fd7855
                                                                                                                • Instruction Fuzzy Hash: F0414831A0D7884FD7199BA8AC4A6F87FF0EF56321F0442AFD089C31A3CB656856C791
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BAF0D71 Relevance: .9, Instructions: 933COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1917 7ffd9baf0d71-7ffd9baf0d91 1918 7ffd9baf0de8-7ffd9baf0e10 1917->1918 1919 7ffd9baf0d93-7ffd9baf0de2 1917->1919 1926 7ffd9baf0e12-7ffd9baf0e26 1918->1926 1927 7ffd9baf0e3e-7ffd9baf0ecf 1918->1927 1919->1918 1933 7ffd9baf1027-7ffd9baf1036 1927->1933 1934 7ffd9baf0ed5-7ffd9baf0ee8 1927->1934 1938 7ffd9baf1038-7ffd9baf1039 1933->1938 1934->1933 1935 7ffd9baf0eee-7ffd9baf0f05 1934->1935 1937 7ffd9baf0f07-7ffd9baf0f1a 1935->1937 1937->1933 1939 7ffd9baf0f20-7ffd9baf0f33 1937->1939 1940 7ffd9baf103b 1938->1940 1941 7ffd9baf103c-7ffd9baf1051 1938->1941 1948 7ffd9baf0f35-7ffd9baf0f36 1939->1948 1949 7ffd9baf0fa4-7ffd9baf0fb6 1939->1949 1940->1941 1942 7ffd9baf105b-7ffd9baf1069 1941->1942 1943 7ffd9baf10a8-7ffd9baf10b0 1941->1943 1951 7ffd9baf106b-7ffd9baf1097 1942->1951 1946 7ffd9baf1121-7ffd9baf1157 1943->1946 1947 7ffd9baf10b2-7ffd9baf10ca 1943->1947 1960 7ffd9baf118c-7ffd9baf11a4 1946->1960 1961 7ffd9baf1159-7ffd9baf1170 1946->1961 1963 7ffd9baf10cc-7ffd9baf10e4 1947->1963 1953 7ffd9baf0efc-7ffd9baf0f05 1948->1953 1954 7ffd9baf0f38-7ffd9baf0f3a 1948->1954 1949->1933 1950 7ffd9baf0fb8-7ffd9baf0fea 1949->1950 1950->1942 1976 7ffd9baf0fec-7ffd9baf0fef 1950->1976 1951->1963 1964 7ffd9baf1099-7ffd9baf10b0 1951->1964 1953->1937 1965 7ffd9baf0f3c-7ffd9baf0f65 1954->1965 1966 7ffd9baf0f81 1954->1966 1968 7ffd9baf11e1-7ffd9baf1217 1961->1968 1969 7ffd9baf1172-7ffd9baf118a 1961->1969 1964->1946 1964->1947 1965->1933 1977 7ffd9baf0f6b-7ffd9baf0f7e 1965->1977 1966->1933 1967 7ffd9baf0f87-7ffd9baf0fa2 1966->1967 1967->1949 1985 7ffd9baf124c-7ffd9baf1264 1968->1985 1986 7ffd9baf1219-7ffd9baf1230 1968->1986 1969->1960 1976->1951 1980 7ffd9baf0ff1 1976->1980 1977->1966 1980->1938 1982 7ffd9baf0ff3-7ffd9baf1026 1980->1982 1988 7ffd9baf12a1-7ffd9baf12d9 1986->1988 1989 7ffd9baf1232-7ffd9baf124a 1986->1989 1993 7ffd9baf12db-7ffd9baf1309 1988->1993 1994 7ffd9baf1323-7ffd9baf133f 1988->1994 1989->1985 1996 7ffd9baf13b5-7ffd9baf13c5 1993->1996 1997 7ffd9baf130f-7ffd9baf1322 1993->1997 1998 7ffd9baf1341-7ffd9baf1354 1994->1998 2002 7ffd9baf13c7 1996->2002 2003 7ffd9baf13c8-7ffd9baf13e1 1996->2003 1997->1996 1999 7ffd9baf1328-7ffd9baf133f 1997->1999 1998->1996 2000 7ffd9baf1356-7ffd9baf1380 1998->2000 1999->1998 2009 7ffd9baf13f1-7ffd9baf13ff 2000->2009 2010 7ffd9baf1382-7ffd9baf1385 2000->2010 2002->2003 2005 7ffd9baf1438-7ffd9baf1440 2003->2005 2006 7ffd9baf13e2-7ffd9baf13ef 2003->2006 2011 7ffd9baf14b1-7ffd9baf14bf 2005->2011 2012 7ffd9baf1442-7ffd9baf145a 2005->2012 2006->2009 2015 7ffd9baf1401-7ffd9baf1427 2009->2015 2010->2015 2019 7ffd9baf1387-7ffd9baf13b4 2010->2019 2013 7ffd9baf14c1-7ffd9baf14e8 2011->2013 2012->2013 2021 7ffd9baf145c-7ffd9baf1474 2012->2021 2026 7ffd9baf14ea-7ffd9baf14fa 2013->2026 2027 7ffd9baf151d-7ffd9baf1528 2013->2027 2015->2021 2029 7ffd9baf1429-7ffd9baf1435 2015->2029 2032 7ffd9baf156b-7ffd9baf1571 2026->2032 2033 7ffd9baf14fc-7ffd9baf14fe 2026->2033 2035 7ffd9baf153c-7ffd9baf1544 2027->2035 2036 7ffd9baf152a-7ffd9baf1536 2027->2036 2029->2005 2039 7ffd9baf157a-7ffd9baf1623 2032->2039 2033->2039 2040 7ffd9baf1500 2033->2040 2038 7ffd9baf1546-7ffd9baf1549 2035->2038 2041 7ffd9baf1537-7ffd9baf1538 2036->2041 2056 7ffd9baf1637-7ffd9baf1641 2039->2056 2057 7ffd9baf1625-7ffd9baf162f 2039->2057 2040->2038 2043 7ffd9baf1502-7ffd9baf151c 2040->2043 2048 7ffd9baf153a-7ffd9baf153b 2041->2048 2043->2027 2048->2035 2058 7ffd9baf1631-7ffd9baf1633 2057->2058 2058->2058 2059 7ffd9baf1635-7ffd9baf1636 2058->2059 2059->2056
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877773351.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9baf0000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 93c08605203060f4f2017d73c96fd9543d1aed02acdc9299f3cddc90663a42b5
                                                                                                                • Instruction ID: 1e7463dee327fa6793261d2c1d268045e71de7836ec808166ef3855044c3fcc9
                                                                                                                • Opcode Fuzzy Hash: 93c08605203060f4f2017d73c96fd9543d1aed02acdc9299f3cddc90663a42b5
                                                                                                                • Instruction Fuzzy Hash: 5C520972B0E7C94FE766DB6888655E47FE0EF66300F0A06FED489C70A3D9696906C341
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 00007FFD9BAF1269 Relevance: .2, Instructions: 150COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.1877773351.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_7ffd9baf0000_FW URGENT RFQ-400098211.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a0f810859d0377e79bea1244c738701896b945eef8c08d4ec18d3bd09dda2a0e
                                                                                                                • Instruction ID: 5c56709aa6592f8aac1dfc2b43ecdfad85f0242dcaed4de13b2ff2b90e4fcbe8
                                                                                                                • Opcode Fuzzy Hash: a0f810859d0377e79bea1244c738701896b945eef8c08d4ec18d3bd09dda2a0e
                                                                                                                • Instruction Fuzzy Hash: 3C413831A0EB8D4FDB96DB64C8654F87FF0FF25300B0502BAD489C75A2DA65B906C740
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:11.4%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:17
                                                                                                                Total number of Limit Nodes:1
                                                                                                                execution_graph 32109 72c2f68 32110 72c2f90 32109->32110 32113 72c2fbc 32109->32113 32111 72c2f99 32110->32111 32114 72c23f4 32110->32114 32115 72c23ff 32114->32115 32116 72c32b3 32115->32116 32118 72c2410 32115->32118 32116->32113 32119 72c32e8 OleInitialize 32118->32119 32120 72c334c 32119->32120 32120->32116 32121 18970b0 32122 18970f4 CheckRemoteDebuggerPresent 32121->32122 32123 1897136 32122->32123 32124 72c0c70 32125 72c0cb9 32124->32125 32126 72c0cb2 32124->32126 32126->32125 32127 72c0d0a CallWindowProcW 32126->32127 32127->32125

                                                                                                                Executed Functions

                                                                                                                Function 06D259B0 Relevance: 9.0, Strings: 6, Instructions: 1482COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-2331353128
                                                                                                                • Opcode ID: 5a573c622cd615e7b132bf7d9f5a2d2f18835b12bb6eb2c0c339487c52c98ce9
                                                                                                                • Instruction ID: 3704aa0760349f11aa3b0d68ed4dececf128abfc8e528b860add2abb5fa40f7b
                                                                                                                • Opcode Fuzzy Hash: 5a573c622cd615e7b132bf7d9f5a2d2f18835b12bb6eb2c0c339487c52c98ce9
                                                                                                                • Instruction Fuzzy Hash: 97D26B34E00316CFDB64DB68C584AADB7B2FF99304F54C5A9D409AB265EB34ED81CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2E840 Relevance: 8.3, Strings: 6, Instructions: 768COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-2331353128
                                                                                                                • Opcode ID: e272e39177c2cf37e8df89d1d799edc551ef699de5ecf8e929bc697c1f70c13d
                                                                                                                • Instruction ID: 318c09f32e59765d2b1d95c63402bbd61f637d984785b6d26b2826c0d695bed9
                                                                                                                • Opcode Fuzzy Hash: e272e39177c2cf37e8df89d1d799edc551ef699de5ecf8e929bc697c1f70c13d
                                                                                                                • Instruction Fuzzy Hash: 55526170E1022A8FDB64CBA8D5947AEB7F2FB99314F208929D409DB391DB35DC81CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 018970B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1334 18970b0-1897134 CheckRemoteDebuggerPresent 1336 189713d-1897178 1334->1336 1337 1897136-189713c 1334->1337 1337->1336
                                                                                                                APIs
                                                                                                                • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 01897127
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2872599278.0000000001890000.00000040.00000800.00020000.00000000.sdmp, Offset: 01890000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1890000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CheckDebuggerPresentRemote
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 3662101638-677986170
                                                                                                                • Opcode ID: a2230fd891b497b1b32bf8faca54be51e1c8d4ae5521ee258cfd1cc13516e0cd
                                                                                                                • Instruction ID: fd0a9936cbcd861f462a77371794923f997b1b9c880a651c7b74fd8bad9d9555
                                                                                                                • Opcode Fuzzy Hash: a2230fd891b497b1b32bf8faca54be51e1c8d4ae5521ee258cfd1cc13516e0cd
                                                                                                                • Instruction Fuzzy Hash: 732157B18002598FCB00DF9AD884BEEFBF5EF48320F14842AE459A3340D738AA44CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D20040 Relevance: 3.0, Instructions: 3026COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 14f6869e27e7845b7e87c83da965f716fef2bc5eef6c1490fb71537fb1d532ce
                                                                                                                • Instruction ID: ed628a0fcd2185b9e8fdea7675e65815118c797a745aa8006c72184469a86ba1
                                                                                                                • Opcode Fuzzy Hash: 14f6869e27e7845b7e87c83da965f716fef2bc5eef6c1490fb71537fb1d532ce
                                                                                                                • Instruction Fuzzy Hash: 3D630931D10B1A8EDB51EF68C8846A9F7B1FF99300F55C79AE45877121EB70AAC4CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D232D0 Relevance: 2.3, Instructions: 2307COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b2fdb8a3f8034a0b2d9be9661b996d79223422d80197a83f0280d8bb186d3a1b
                                                                                                                • Instruction ID: 7c528f873c5e7082839f933da8e09d26c8fc0d5f3f7285fcbf859a42806508d5
                                                                                                                • Opcode Fuzzy Hash: b2fdb8a3f8034a0b2d9be9661b996d79223422d80197a83f0280d8bb186d3a1b
                                                                                                                • Instruction Fuzzy Hash: 26332F31D1071A8ECB11EF68C8846ADF7B1FF99304F15C79AE459A7211EB70AAC5CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D287C8 Relevance: 1.8, Strings: 1, Instructions: 587COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $
                                                                                                                • API String ID: 0-3993045852
                                                                                                                • Opcode ID: f37b29589e4085107bc0fe3a69f06248abb71e5ddaaa1b03a681bfdd34047ae7
                                                                                                                • Instruction ID: 29f4c7285778c93768bba1fc688308a96e4b6e578ca708e68e913119db3e4666
                                                                                                                • Opcode Fuzzy Hash: f37b29589e4085107bc0fe3a69f06248abb71e5ddaaa1b03a681bfdd34047ae7
                                                                                                                • Instruction Fuzzy Hash: 4822C031E002268FDF60DBA4C5806AEF7B2FF99314F24846AD855EB394DA35DC49DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D29C00 Relevance: .8, Instructions: 817COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f8b558903ea382bcb14365a294ba31182ba9a5561b4d0c0d87926f32b0516608
                                                                                                                • Instruction ID: 242b600ac364fc62d2b32b2b4573d8345a0a0e622fe414a5930535e5d75824af
                                                                                                                • Opcode Fuzzy Hash: f8b558903ea382bcb14365a294ba31182ba9a5561b4d0c0d87926f32b0516608
                                                                                                                • Instruction Fuzzy Hash: 0B62BF34B002269FDB64DB68D594AADB7F2FF98319F148469E40ADB394DB35EC41CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2E2D8 Relevance: 10.4, Strings: 8, Instructions: 391COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 6d2e2d8-6d2e2f6 1 6d2e2f8-6d2e2fb 0->1 2 6d2e301-6d2e304 1->2 3 6d2e4f5-6d2e4fe 1->3 4 6d2e306-6d2e319 2->4 5 6d2e31e-6d2e321 2->5 6 6d2e360-6d2e369 3->6 7 6d2e504-6d2e50e 3->7 4->5 10 6d2e323-6d2e330 5->10 11 6d2e335-6d2e338 5->11 8 6d2e50f-6d2e546 6->8 9 6d2e36f-6d2e373 6->9 22 6d2e548-6d2e54b 8->22 12 6d2e378-6d2e37b 9->12 10->11 14 6d2e33a-6d2e356 11->14 15 6d2e35b-6d2e35e 11->15 16 6d2e38b-6d2e38e 12->16 17 6d2e37d-6d2e386 12->17 14->15 15->6 15->12 20 6d2e390-6d2e394 16->20 21 6d2e39f-6d2e3a2 16->21 17->16 20->7 26 6d2e39a 20->26 27 6d2e3a4-6d2e3a9 21->27 28 6d2e3ac-6d2e3ae 21->28 24 6d2e558-6d2e55b 22->24 25 6d2e54d-6d2e557 22->25 30 6d2e568-6d2e56b 24->30 31 6d2e55d-6d2e561 24->31 26->21 27->28 32 6d2e3b0 28->32 33 6d2e3b5-6d2e3b8 28->33 35 6d2e571-6d2e5ac 30->35 37 6d2e7d4-6d2e7d7 30->37 34 6d2e563 31->34 31->35 32->33 33->1 36 6d2e3be-6d2e3e2 33->36 34->30 44 6d2e5b2-6d2e5be 35->44 45 6d2e79f-6d2e7b2 35->45 53 6d2e4f2 36->53 54 6d2e3e8-6d2e3f7 36->54 38 6d2e7e6-6d2e7e9 37->38 39 6d2e7d9 37->39 42 6d2e7eb-6d2e807 38->42 43 6d2e80c-6d2e80e 38->43 124 6d2e7d9 call 6d2e840 39->124 125 6d2e7d9 call 6d2e830 39->125 42->43 47 6d2e810 43->47 48 6d2e815-6d2e818 43->48 57 6d2e5c0-6d2e5d9 44->57 58 6d2e5de-6d2e622 44->58 52 6d2e7b4 45->52 46 6d2e7df-6d2e7e1 46->38 47->48 48->22 49 6d2e81e-6d2e828 48->49 56 6d2e7b5 52->56 53->3 61 6d2e3f9-6d2e3ff 54->61 62 6d2e40f-6d2e44a call 6d29bb0 54->62 56->56 57->52 75 6d2e624-6d2e636 58->75 76 6d2e63e-6d2e67d 58->76 64 6d2e403-6d2e405 61->64 65 6d2e401 61->65 79 6d2e462-6d2e479 62->79 80 6d2e44c-6d2e452 62->80 64->62 65->62 75->76 84 6d2e683-6d2e75e call 6d29bb0 76->84 85 6d2e764-6d2e779 76->85 92 6d2e491-6d2e4a2 79->92 93 6d2e47b-6d2e481 79->93 82 6d2e456-6d2e458 80->82 83 6d2e454 80->83 82->79 83->79 84->85 85->45 99 6d2e4a4-6d2e4aa 92->99 100 6d2e4ba-6d2e4eb 92->100 95 6d2e483 93->95 96 6d2e485-6d2e487 93->96 95->92 96->92 102 6d2e4ae-6d2e4b0 99->102 103 6d2e4ac 99->103 100->53 102->100 103->100 124->46 125->46
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-634254105
                                                                                                                • Opcode ID: ceb8e3bfb2f4b6afea74a423fde275b714ed7594eddde335e02d99a8dff96c6d
                                                                                                                • Instruction ID: 2527c93b1eafef73a447f3eb816509da856caa72cb4a539d6dad3682e4ae43bb
                                                                                                                • Opcode Fuzzy Hash: ceb8e3bfb2f4b6afea74a423fde275b714ed7594eddde335e02d99a8dff96c6d
                                                                                                                • Instruction Fuzzy Hash: 00E17D30E1022A8FDB65DBA9D5806AEB7F2FF98315F208529D409EB354DB34DC46CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2C758 Relevance: 5.2, Strings: 4, Instructions: 231COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 857 6d2c758-6d2c77d 858 6d2c77f-6d2c782 857->858 859 6d2c784-6d2c7a3 858->859 860 6d2c7a8-6d2c7ab 858->860 859->860 861 6d2c7b1-6d2c7c6 860->861 862 6d2d06b-6d2d06d 860->862 869 6d2c7c8-6d2c7ce 861->869 870 6d2c7de-6d2c7f4 861->870 864 6d2d074-6d2d077 862->864 865 6d2d06f 862->865 864->858 867 6d2d07d-6d2d087 864->867 865->864 871 6d2c7d2-6d2c7d4 869->871 872 6d2c7d0 869->872 874 6d2c7ff-6d2c801 870->874 871->870 872->870 875 6d2c803-6d2c809 874->875 876 6d2c819-6d2c88a 874->876 877 6d2c80b 875->877 878 6d2c80d-6d2c80f 875->878 887 6d2c8b6-6d2c8d2 876->887 888 6d2c88c-6d2c8af 876->888 877->876 878->876 893 6d2c8d4-6d2c8f7 887->893 894 6d2c8fe-6d2c919 887->894 888->887 893->894 899 6d2c944-6d2c95f 894->899 900 6d2c91b-6d2c93d 894->900 905 6d2c961-6d2c983 899->905 906 6d2c98a-6d2c994 899->906 900->899 905->906 907 6d2c996-6d2c99f 906->907 908 6d2c9a4-6d2ca1e 906->908 907->867 914 6d2ca20-6d2ca3e 908->914 915 6d2ca6b-6d2ca80 908->915 919 6d2ca40-6d2ca4f 914->919 920 6d2ca5a-6d2ca69 914->920 915->862 919->920 920->914 920->915
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-185584874
                                                                                                                • Opcode ID: a5952ed057ae651b0b9745917a5dedd36b46219d61afe314af749180539fbe76
                                                                                                                • Instruction ID: ebb7cc750576dcc75f09eb849ad654aa709be96cc7e7090cbc04d88da957c1e3
                                                                                                                • Opcode Fuzzy Hash: a5952ed057ae651b0b9745917a5dedd36b46219d61afe314af749180539fbe76
                                                                                                                • Instruction Fuzzy Hash: 69919130B1021A9FDB94CB64D9917AEB7F6EFC8204F108569C809EB358EF30DD428B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D27DA0 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1250 6d27da0-6d27dc4 1251 6d27dc6-6d27dc9 1250->1251 1252 6d27dea-6d27ded 1251->1252 1253 6d27dcb-6d27de3 1251->1253 1254 6d27df3-6d27eeb 1252->1254 1255 6d284cc-6d284ce 1252->1255 1263 6d27d81 1253->1263 1264 6d27de5 1253->1264 1288 6d27ef1-6d27f39 1254->1288 1289 6d27f6e-6d27f75 1254->1289 1256 6d284d0 1255->1256 1257 6d284d5-6d284d8 1255->1257 1256->1257 1257->1251 1259 6d284de-6d284eb 1257->1259 1265 6d27d83-6d27d89 1263->1265 1266 6d27d26-6d27d29 1263->1266 1264->1252 1268 6d27d40-6d27d43 1266->1268 1269 6d27d2b-6d27d3b 1266->1269 1270 6d27d45-6d27d54 1268->1270 1271 6d27d59-6d27d5c 1268->1271 1269->1268 1270->1271 1272 6d27d75-6d27d77 1271->1272 1273 6d27d5e-6d27d70 1271->1273 1277 6d27d79 1272->1277 1278 6d27d7e 1272->1278 1273->1272 1277->1278 1278->1263 1311 6d27f3e call 6d28658 1288->1311 1312 6d27f3e call 6d28648 1288->1312 1290 6d27f7b-6d27feb 1289->1290 1291 6d27ff9-6d28002 1289->1291 1308 6d27ff6 1290->1308 1309 6d27fed 1290->1309 1291->1259 1302 6d27f44-6d27f60 1305 6d27f62 1302->1305 1306 6d27f6b-6d27f6c 1302->1306 1305->1306 1306->1289 1308->1291 1309->1308 1311->1302 1312->1302
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: fiq$XPiq$\Oiq
                                                                                                                • API String ID: 0-1639307521
                                                                                                                • Opcode ID: 19c04fa6dc212ae3e7518e7c04d7e016b8662edbe0517cead49dfc8dff1d1b0a
                                                                                                                • Instruction ID: eb069f87e7b753fc43f54f028f57c1c257d62e7e786dcebf2594b5566adc2b1e
                                                                                                                • Opcode Fuzzy Hash: 19c04fa6dc212ae3e7518e7c04d7e016b8662edbe0517cead49dfc8dff1d1b0a
                                                                                                                • Instruction Fuzzy Hash: 41616075E002199FEB549FA5C8547AEBBF6FF88304F20842AE109EB395DE758C45CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 072C0C70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 93COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1313 72c0c70-72c0cac 1314 72c0d5c-72c0d7c 1313->1314 1315 72c0cb2-72c0cb7 1313->1315 1321 72c0d7f-72c0d8c 1314->1321 1316 72c0cb9-72c0cf0 1315->1316 1317 72c0d0a-72c0d42 CallWindowProcW 1315->1317 1324 72c0cf9-72c0d08 1316->1324 1325 72c0cf2-72c0cf8 1316->1325 1318 72c0d4b-72c0d5a 1317->1318 1319 72c0d44-72c0d4a 1317->1319 1318->1321 1319->1318 1324->1321 1325->1324
                                                                                                                APIs
                                                                                                                • CallWindowProcW.USER32(?,?,?,?,?), ref: 072C0D31
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878253804.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_72c0000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallProcWindow
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 2714655100-677986170
                                                                                                                • Opcode ID: 2073a97df554e210247604c6f0992bd3deb581942e92fb5222059d2d443d5cd6
                                                                                                                • Instruction ID: aaaf340e7524f41fe980971c1e9fe34fa55f0d034670ee2dfb9650a69722529f
                                                                                                                • Opcode Fuzzy Hash: 2073a97df554e210247604c6f0992bd3deb581942e92fb5222059d2d443d5cd6
                                                                                                                • Instruction Fuzzy Hash: 4A4124B4910309CFCB24DF89C888AAABBF5FB98314F24C55DD519AB361C774A945CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 018970A8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1327 18970a8-1897134 CheckRemoteDebuggerPresent 1330 189713d-1897178 1327->1330 1331 1897136-189713c 1327->1331 1331->1330
                                                                                                                APIs
                                                                                                                • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 01897127
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2872599278.0000000001890000.00000040.00000800.00020000.00000000.sdmp, Offset: 01890000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1890000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CheckDebuggerPresentRemote
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 3662101638-677986170
                                                                                                                • Opcode ID: 06832449192b2d65d5a4020e172ed36fe703bab7dc9571ec7e32b38fc44d9c6d
                                                                                                                • Instruction ID: 6e44427dd8f50ae0ea25d86e57f0f1c01256c85efc5028081d1a2883423e0034
                                                                                                                • Opcode Fuzzy Hash: 06832449192b2d65d5a4020e172ed36fe703bab7dc9571ec7e32b38fc44d9c6d
                                                                                                                • Instruction Fuzzy Hash: 3D2139B18002598FCB10DFAAD884BEEBBF5EF49320F14845AE455A7241D738AA44CF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 072C2410 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46comCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1340 72c2410-72c334a OleInitialize 1342 72c334c-72c3352 1340->1342 1343 72c3353-72c3370 1340->1343 1342->1343
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 072C333D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878253804.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_72c0000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 2538663250-677986170
                                                                                                                • Opcode ID: 88db15e8e9475cf02af93478ca33ebf41fc7066c286f02efce14975874cd581d
                                                                                                                • Instruction ID: 839c173483b38fc9fd7228ce9ad7318e1ffe9f7072836ee57abe6274dd0cea1d
                                                                                                                • Opcode Fuzzy Hash: 88db15e8e9475cf02af93478ca33ebf41fc7066c286f02efce14975874cd581d
                                                                                                                • Instruction Fuzzy Hash: 421157B18103488FCB10DF9AC448BDEFBF4EB48320F208419D519A7301C778A944CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 072C32E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 45comCOMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1346 72c32e0-72c334a OleInitialize 1347 72c334c-72c3352 1346->1347 1348 72c3353-72c3370 1346->1348 1347->1348
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 072C333D
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878253804.00000000072C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_72c0000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 2538663250-677986170
                                                                                                                • Opcode ID: 8ca7f8d7ceed89f26a3f76816d069a5d4e854086c403791a6dd023e45dd296cf
                                                                                                                • Instruction ID: 671fd3ef85ac2bfe25f84687c65832e6e42cedb2526662ee8ef7b68de6a9490f
                                                                                                                • Opcode Fuzzy Hash: 8ca7f8d7ceed89f26a3f76816d069a5d4e854086c403791a6dd023e45dd296cf
                                                                                                                • Instruction Fuzzy Hash: 381115B58003898FCB10DFAAD848BCEFFF4EB48324F24855AD559A7241C738A545CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2B680 Relevance: 2.7, Strings: 2, Instructions: 248COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1997 6d2b680-6d2b69f 1998 6d2b6a1-6d2b6a4 1997->1998 1999 6d2b751-6d2b754 1998->1999 2000 6d2b6aa-6d2b6b6 1998->2000 2001 6d2b756-6d2b772 1999->2001 2002 6d2b777-6d2b77a 1999->2002 2005 6d2b6c1-6d2b6c3 2000->2005 2001->2002 2003 6d2b780-6d2b78f 2002->2003 2004 6d2b9af-6d2b9b1 2002->2004 2017 6d2b791-6d2b7ac 2003->2017 2018 6d2b7ae-6d2b7f2 2003->2018 2006 6d2b9b3 2004->2006 2007 6d2b9b8-6d2b9bb 2004->2007 2008 6d2b6c5-6d2b6cb 2005->2008 2009 6d2b6db-6d2b6df 2005->2009 2006->2007 2007->1998 2012 6d2b9c1-6d2b9ca 2007->2012 2013 6d2b6cf-6d2b6d1 2008->2013 2014 6d2b6cd 2008->2014 2015 6d2b6e1-6d2b6eb 2009->2015 2016 6d2b6ed 2009->2016 2013->2009 2014->2009 2019 6d2b6f2-6d2b6f4 2015->2019 2016->2019 2017->2018 2026 6d2b983-6d2b998 2018->2026 2027 6d2b7f8-6d2b809 2018->2027 2021 6d2b6f6-6d2b6f9 2019->2021 2022 6d2b70b-6d2b744 2019->2022 2021->2012 2022->2003 2039 6d2b746-6d2b750 2022->2039 2026->2004 2032 6d2b96e-6d2b97d 2027->2032 2033 6d2b80f-6d2b82c 2027->2033 2032->2026 2032->2027 2033->2032 2040 6d2b832-6d2b928 call 6d29bb0 2033->2040 2064 6d2b936 2040->2064 2065 6d2b92a-6d2b934 2040->2065 2066 6d2b93b-6d2b93d 2064->2066 2065->2066 2066->2032 2067 6d2b93f-6d2b944 2066->2067 2068 6d2b952 2067->2068 2069 6d2b946-6d2b950 2067->2069 2070 6d2b957-6d2b959 2068->2070 2069->2070 2070->2032 2071 6d2b95b-6d2b967 2070->2071 2071->2032
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq
                                                                                                                • API String ID: 0-2340669324
                                                                                                                • Opcode ID: 7423713599ab27c17ac64f4d0e685d06abad4470784ae3bcd301f184b1730f37
                                                                                                                • Instruction ID: e5744d1bcbb41ab53e5f5fe304cc228275974fa7d06ae62eaa88d8818494b054
                                                                                                                • Opcode Fuzzy Hash: 7423713599ab27c17ac64f4d0e685d06abad4470784ae3bcd301f184b1730f37
                                                                                                                • Instruction Fuzzy Hash: B491BE30B002268FDB64DF69D59066EB7E6EFD4309F14842AD805DB394EFB5EC428B80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2C74F Relevance: 2.7, Strings: 2, Instructions: 176COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq
                                                                                                                • API String ID: 0-2340669324
                                                                                                                • Opcode ID: af8bc4887dc9a09aeb16dd9b7acf271b5466a5898022ef976d16eeee29ec320e
                                                                                                                • Instruction ID: b30ba64b4cba94634fd11fe62ff54981ba9d9c79d3923884d836b431800f1e23
                                                                                                                • Opcode Fuzzy Hash: af8bc4887dc9a09aeb16dd9b7acf271b5466a5898022ef976d16eeee29ec320e
                                                                                                                • Instruction Fuzzy Hash: BD51A134B102169FEB94DB74DA9177EB7F6EFC8244F108469C809DB398EA34DC028B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D27D90 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: fiq$XPiq
                                                                                                                • API String ID: 0-1767242014
                                                                                                                • Opcode ID: 789d62e4dc1df1cccb89323eeded2d083acb6f7eafc839d8fb309bdcea8c73e3
                                                                                                                • Instruction ID: c559a117ab59668b1c2555e2327daa646bfe186f34f7480d7bfc6301c3451be0
                                                                                                                • Opcode Fuzzy Hash: 789d62e4dc1df1cccb89323eeded2d083acb6f7eafc839d8fb309bdcea8c73e3
                                                                                                                • Instruction Fuzzy Hash: B9515F75F002199FEB549FA5C8547AEBBF6FFC8700F20852AE109AB395DA758C05CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D25815 Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PHdq
                                                                                                                • API String ID: 0-2991842255
                                                                                                                • Opcode ID: b4f8659a1666416da3f34b38c0a43f1717a1cf74386b108a02eed430edafe29d
                                                                                                                • Instruction ID: 05d0066a16ab581ad39a0f43c699e4860f8cbf40630331df97299abee1dfb96c
                                                                                                                • Opcode Fuzzy Hash: b4f8659a1666416da3f34b38c0a43f1717a1cf74386b108a02eed430edafe29d
                                                                                                                • Instruction Fuzzy Hash: 64312170B002168FDB549B74E558A6EBBE3EF99214F244969D406DB384DF34CD42CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D25828 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: PHdq
                                                                                                                • API String ID: 0-2991842255
                                                                                                                • Opcode ID: 88f7fde6f56290e15f91b878363bba12615ea4beaa12340849e8faa9dc6194f5
                                                                                                                • Instruction ID: 809341a9e17f6b8bbe897d662de63a085034cdbf1129383dee3fbd9ba1d36e27
                                                                                                                • Opcode Fuzzy Hash: 88f7fde6f56290e15f91b878363bba12615ea4beaa12340849e8faa9dc6194f5
                                                                                                                • Instruction Fuzzy Hash: 30310170F0021A8FDB549B74E454A6FBBE7EB89218F244428D406DB384EF71CD42CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D26EB1 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 0-677986170
                                                                                                                • Opcode ID: 57974f4d73f4adf766ac05edd7519f1ec4ea5894058a66dadf5c6d253eb1205a
                                                                                                                • Instruction ID: 61cfae009e0599dc58b55280a677544193dde286c9aa575bb1bf79bab413f9c8
                                                                                                                • Opcode Fuzzy Hash: 57974f4d73f4adf766ac05edd7519f1ec4ea5894058a66dadf5c6d253eb1205a
                                                                                                                • Instruction Fuzzy Hash: F921C2B5D01259AFCB00DF9AD884ACEFBB8FB48314F50812AE518A7340D375A554CBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D26EB8 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?4K
                                                                                                                • API String ID: 0-677986170
                                                                                                                • Opcode ID: 2a86a5a7f980e02ddf8efcaa43dc4eac62fba34d7fedd8ab9d9890bc4c05012c
                                                                                                                • Instruction ID: 1e942b86252486caaf40a7caf79caf09ec39872988b9f3e776f095813002eda7
                                                                                                                • Opcode Fuzzy Hash: 2a86a5a7f980e02ddf8efcaa43dc4eac62fba34d7fedd8ab9d9890bc4c05012c
                                                                                                                • Instruction Fuzzy Hash: 8D11B3B5D012599FCB00DF9AD884ADEFBB4FB48314F50816AE518A7740C374A554CFA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2B677 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq
                                                                                                                • API String ID: 0-847773763
                                                                                                                • Opcode ID: 95a61e30dc0412b91fd1fa842e393ff0edd65fa8860507e854c2d978de7ad347
                                                                                                                • Instruction ID: 9f7310019371473dd167eca31fb5d46b00c05dc36711fb984d85de285fa68125
                                                                                                                • Opcode Fuzzy Hash: 95a61e30dc0412b91fd1fa842e393ff0edd65fa8860507e854c2d978de7ad347
                                                                                                                • Instruction Fuzzy Hash: 0A012636B002268FEF244E60DAC06A67769EBA421DF150427CD41DB240DAB0C906CBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D27C89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: \Oiq
                                                                                                                • API String ID: 0-1214526655
                                                                                                                • Opcode ID: 567a412e6eeddccfa62d77b2d30c63fa8588590fcc1806cc316284e8967379cb
                                                                                                                • Instruction ID: 484d4fd4b72277f34246bfe8f798e2b99bdde90c62456c4495a26071ecf173bc
                                                                                                                • Opcode Fuzzy Hash: 567a412e6eeddccfa62d77b2d30c63fa8588590fcc1806cc316284e8967379cb
                                                                                                                • Instruction Fuzzy Hash: B8F0DA30E2012ADFDB24DF94E859BAEBBB2FF88B04F204119E402A7294CB741D45DB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2E830 Relevance: .3, Instructions: 298COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 726e00b760ee2b182668cedd0d01a4f38c8421849e24f02ca5b90fe88bd730fb
                                                                                                                • Instruction ID: 60f46fcfd9325c141887f7e619fd181809810573dd597bf07c2aaf082025c322
                                                                                                                • Opcode Fuzzy Hash: 726e00b760ee2b182668cedd0d01a4f38c8421849e24f02ca5b90fe88bd730fb
                                                                                                                • Instruction Fuzzy Hash: 51A18770F1022A8BEF60CBA8D5947AEBBF6FB99314F244429E409E7381DB34DC819751
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D293F8 Relevance: .2, Instructions: 229COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 96ecc734b0fdbe894f944ad5460de432d8025423db03f37e0bd91d5c285c07ea
                                                                                                                • Instruction ID: b1dfc31a8e4185b6c8d0f3384f937dee2800dedc91bf250cee63a95512d5cea9
                                                                                                                • Opcode Fuzzy Hash: 96ecc734b0fdbe894f944ad5460de432d8025423db03f37e0bd91d5c285c07ea
                                                                                                                • Instruction Fuzzy Hash: DA61B271F001224FDF549B6AC89056FBADBAFE8224F254439E80EDB364DE65EC4287C5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D277F0 Relevance: .2, Instructions: 222COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 911194703ff09f6fce2dac9f6632298032960cba0512af8073e0a4a2b1ab862e
                                                                                                                • Instruction ID: e3533d4705721a15b2ce3c09a4dc01f0c1f9cc6a05d41a0cdcc3126de030722d
                                                                                                                • Opcode Fuzzy Hash: 911194703ff09f6fce2dac9f6632298032960cba0512af8073e0a4a2b1ab862e
                                                                                                                • Instruction Fuzzy Hash: D8914C30E0021A8FDF60DF68C890B9DB7B1FF99314F208699D44DAB295DB70AA85CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D274E0 Relevance: .2, Instructions: 218COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e0341162fde08ee5f80ffa5fade1e4855f1ba31a3224cd73a27b5964192577c6
                                                                                                                • Instruction ID: 581213fa47b458079e7e338ae909f19698259bab300888eb63556f5ff084883e
                                                                                                                • Opcode Fuzzy Hash: e0341162fde08ee5f80ffa5fade1e4855f1ba31a3224cd73a27b5964192577c6
                                                                                                                • Instruction Fuzzy Hash: DE814E34B1021A9FDB54DFA8D5946AEBBF7EF98304F108429D40ADB394EA74DC428B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D274DE Relevance: .2, Instructions: 216COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 851b3ea9475c9fb0446d28c02884fb7e9ae17b04e91fd563bbfb28089607803e
                                                                                                                • Instruction ID: 2ae4c0af7cd06e4062953eedaeff8843bce3522732fff8b7dc654221d83374e4
                                                                                                                • Opcode Fuzzy Hash: 851b3ea9475c9fb0446d28c02884fb7e9ae17b04e91fd563bbfb28089607803e
                                                                                                                • Instruction Fuzzy Hash: 33814C34B1021A9FDB54DFA8D5947AEB7F7EF98304F208429D40ADB394EA34DC428B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D27808 Relevance: .2, Instructions: 210COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e54bf7521192a4c6ee3eb963276d8b3c11cd056c04d4aa9b7900e250a83b8c19
                                                                                                                • Instruction ID: 7bf435c60ade9679b4592198d9b2b48fe22fcab55754a26f9ceb960aadd166a6
                                                                                                                • Opcode Fuzzy Hash: e54bf7521192a4c6ee3eb963276d8b3c11cd056c04d4aa9b7900e250a83b8c19
                                                                                                                • Instruction Fuzzy Hash: A5913C30E1021A8BDF60DF68C890B9DB7B1FF99314F208599D54DAB395DB70AA85CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D28658 Relevance: .1, Instructions: 126COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d095ec28cc14c6e26b354dde92d3764d27f2eca667ad2dfaff4b30fe3b64e244
                                                                                                                • Instruction ID: 4631b6819589b3c25f9c47a7cf8fad80e14cd529be6c7c75e5c821f74403907a
                                                                                                                • Opcode Fuzzy Hash: d095ec28cc14c6e26b354dde92d3764d27f2eca667ad2dfaff4b30fe3b64e244
                                                                                                                • Instruction Fuzzy Hash: D5417E75E1061A8FDF70CF99D8C0AAFF7F2EB94314F10492AE116D7640D730A8499B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D272C8 Relevance: .1, Instructions: 117COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3972460eb83f7d09ad9cac69f4c89c7e6cd79a079070e1dfca541f2e3c3f0e27
                                                                                                                • Instruction ID: bf07086dbaec4773a7dfc44a02d3f192adbcc760097d7b48bd04eb991cbeef49
                                                                                                                • Opcode Fuzzy Hash: 3972460eb83f7d09ad9cac69f4c89c7e6cd79a079070e1dfca541f2e3c3f0e27
                                                                                                                • Instruction Fuzzy Hash: 4031BD713001264FDB55EB799850B6EBADBEBD4315F18802AE409CB391DF7ECE428396
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D256D8 Relevance: .1, Instructions: 98COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 385cc59524812fe83669a5f650ed46361740d0b089486ce99fc7083f0000656c
                                                                                                                • Instruction ID: 1de7471509a67845354f3d91c2850f4358015fd0073896cf2bb2a7f24d2cfb9f
                                                                                                                • Opcode Fuzzy Hash: 385cc59524812fe83669a5f650ed46361740d0b089486ce99fc7083f0000656c
                                                                                                                • Instruction Fuzzy Hash: 14315E34E106169BCB14CF64D594AAEB7B6EF99304F10C929E816EB350EB70AC46CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D256E8 Relevance: .1, Instructions: 91COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5b42834d435c521c1c822e1bb1330079b5c44c4b0a062c15cc82293ed3142c03
                                                                                                                • Instruction ID: 16cab347a9f3dd0ee5abe71bff82bfc0dcb44f867f072fc5eb974f57fc26c116
                                                                                                                • Opcode Fuzzy Hash: 5b42834d435c521c1c822e1bb1330079b5c44c4b0a062c15cc82293ed3142c03
                                                                                                                • Instruction Fuzzy Hash: C8315E34E1061ADBCB14CF65D594AAEB7F6EF89304F10C929E806EB354EB75AC46CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D270E8 Relevance: .1, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 80b7e817e71b1c52b05033298419b6a0051407c8eab115aad6633e83175ca4ce
                                                                                                                • Instruction ID: 3ca31e361c33e0b86c36bc0b8f9592d1f0b11b53c94cc4d85d4c498d945a3e6f
                                                                                                                • Opcode Fuzzy Hash: 80b7e817e71b1c52b05033298419b6a0051407c8eab115aad6633e83175ca4ce
                                                                                                                • Instruction Fuzzy Hash: 8E218975E012169FEB61CFA9D990AAEBBF5FB88310F148025E905E7350E775DC408B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2A310 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 819e842ea07bbca2966722bd78dc8ea61500b86606f484a1ecbaa5cd161d7004
                                                                                                                • Instruction ID: 9fbf7c0398cdf5a44814a87af546d0993ceb55d9350112acd3f6a8e9a62f38c6
                                                                                                                • Opcode Fuzzy Hash: 819e842ea07bbca2966722bd78dc8ea61500b86606f484a1ecbaa5cd161d7004
                                                                                                                • Instruction Fuzzy Hash: B321A730B111269FDF54DBA9E5946ADFBF6EB84315F248829D405DB391DB349C418BC0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D270E6 Relevance: .1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: feb629d86b86cbe09d25eda255386ba25f74d43ee5675a73a54982de0d799272
                                                                                                                • Instruction ID: dc82aca0ceb65e5302075884aa89db806fd39141a1fa271e1cef34d051565470
                                                                                                                • Opcode Fuzzy Hash: feb629d86b86cbe09d25eda255386ba25f74d43ee5675a73a54982de0d799272
                                                                                                                • Instruction Fuzzy Hash: 3D217575F012169FEB61CFA9D980AAEBBF5FB88210F148026E905E7390E775DC418B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0180D030 Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2872324430.000000000180D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0180D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_180d000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6803a90b698288e8c6c2379ab7affacc3f88c4e559a62176254bf1f3fa617c94
                                                                                                                • Instruction ID: 64e66f9797ffb02c5e10e417a424abf204043c25bd41843542c0f8d2b1054a46
                                                                                                                • Opcode Fuzzy Hash: 6803a90b698288e8c6c2379ab7affacc3f88c4e559a62176254bf1f3fa617c94
                                                                                                                • Instruction Fuzzy Hash: 032103B1604208DFDB52DF98DDC0B26BBA5FB84314F24C66DD80E8B292C33AD506CA61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2A320 Relevance: .1, Instructions: 68COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d36e9d557be971da05a665011f2af7bdfdbaa1564820baad01ec76883a24f337
                                                                                                                • Instruction ID: c71222dddf6a32be07853996b90289812f4808c7edbd43705762a6d6b390f5a7
                                                                                                                • Opcode Fuzzy Hash: d36e9d557be971da05a665011f2af7bdfdbaa1564820baad01ec76883a24f337
                                                                                                                • Instruction Fuzzy Hash: CD21A230F1012A9FDF54DBA9E9946AEB7FAEB88315F248425D405DB380EB34EC418BC0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D271F8 Relevance: .1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 82051f4a2467ddc2b824a3c19d7ee643050fd35562c2d2c147336c96f1669c77
                                                                                                                • Instruction ID: c8a48a248ff9bc90baa2dd746abfb366c0a2591d2b82095b1c1d01033d62704f
                                                                                                                • Opcode Fuzzy Hash: 82051f4a2467ddc2b824a3c19d7ee643050fd35562c2d2c147336c96f1669c77
                                                                                                                • Instruction Fuzzy Hash: 1C11A135F1012A9BDB6496A8D8106AE77EAFFC8310F144439E80AE7344DE74DC028BA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2742F Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 93e5840414979d460c5e11ba26359e7bc902783e995d99c45ec8823cc7fd8ada
                                                                                                                • Instruction ID: 926323c5f8f78ea61dcfd4b5ab4e6089b232eaebe87202e07746cdd708500f99
                                                                                                                • Opcode Fuzzy Hash: 93e5840414979d460c5e11ba26359e7bc902783e995d99c45ec8823cc7fd8ada
                                                                                                                • Instruction Fuzzy Hash: 3301DF70B101215FDB658B7C855573EBBE6DB89714F20883AE04ECB395E929DC4343A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2D90F Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 06352921abaf3c8e47c2fc5a5cd4f959be3e67ef7e86cb21d51a05ef7fcacdf8
                                                                                                                • Instruction ID: ba9b3b7a10f7c9effbb2c57db551ac934b68f4e96c20adcfdb473b1abf4367a4
                                                                                                                • Opcode Fuzzy Hash: 06352921abaf3c8e47c2fc5a5cd4f959be3e67ef7e86cb21d51a05ef7fcacdf8
                                                                                                                • Instruction Fuzzy Hash: 3C01F735B105224FDB60DB38D5A573A7BE2EF89B14F118C69F08ACB359DA29DC428790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 0180D02B Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2872324430.000000000180D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0180D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_180d000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                                • Instruction ID: 6a485a2f17af13d2ff26e4af16d809e673a20d18142ee7c2812d8c7aa8688b5b
                                                                                                                • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                                • Instruction Fuzzy Hash: 2811BE75504284CFDB12CF94D9C4B15FF71FB84314F24C6AAD8498B696C33AD44ACB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D26698 Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2fcdb2c0036c4e31dd7ce2c3478b93cec9a953a81a67ee8dacbab1b32d83fc9c
                                                                                                                • Instruction ID: 8946d12a38e51d9444175741b4303de68ec870912ade1fb5bff10debd2bb314a
                                                                                                                • Opcode Fuzzy Hash: 2fcdb2c0036c4e31dd7ce2c3478b93cec9a953a81a67ee8dacbab1b32d83fc9c
                                                                                                                • Instruction Fuzzy Hash: 9D016171E003699BCB649B79D8405DEF7B6EF98314F1085B9D506E7204EA31DA44CBE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D271E9 Relevance: .1, Instructions: 52COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5ae814edbe3202650099d3ff119edd8fb86bc91e26ff3a64d7940bd1456fd9c6
                                                                                                                • Instruction ID: 1a6c1be242d6d1c25409a7f4dfb771cdb9101c92c3c89dfb0f0fd34d1029bb40
                                                                                                                • Opcode Fuzzy Hash: 5ae814edbe3202650099d3ff119edd8fb86bc91e26ff3a64d7940bd1456fd9c6
                                                                                                                • Instruction Fuzzy Hash: 5601F736F100255BEB6486A8D8113FF73ABEBC8600F14443AD40AE3344DE74CD024BD1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D27440 Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 494ae9c828ca161d414ecfe9186dc2620bd2f9bc39482f150cb59871333ec7ee
                                                                                                                • Instruction ID: ab8f6a28dd80dd92ccd1ef8de84690b65751ff993e74d52955ca3988b6efde02
                                                                                                                • Opcode Fuzzy Hash: 494ae9c828ca161d414ecfe9186dc2620bd2f9bc39482f150cb59871333ec7ee
                                                                                                                • Instruction Fuzzy Hash: 07016D71B100211BDB649A6D9455B2BBBDADBD9724F20883AE50ECB354ED69DC034391
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2D920 Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 265095b982cdf6445e393b978923bce049482a5fc7d9e23d3569429d1099b2e7
                                                                                                                • Instruction ID: 72f89336462bb887d987fe6ea9fd7ba7433248bf8638b1a28bad2077a0ee2e3c
                                                                                                                • Opcode Fuzzy Hash: 265095b982cdf6445e393b978923bce049482a5fc7d9e23d3569429d1099b2e7
                                                                                                                • Instruction Fuzzy Hash: C2018135B105264BDB60D76CE5A5B3A77E6EBC9724F108828F14ACB358EE29EC018790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D29A80 Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: de8f0735e713f1a16b10c8b0af0584be82151ddca748254965f9ea222911f69c
                                                                                                                • Instruction ID: 57597fcea2cdda4c558b9f164831e31264ca9d19f16d58763210d6ad806223e8
                                                                                                                • Opcode Fuzzy Hash: de8f0735e713f1a16b10c8b0af0584be82151ddca748254965f9ea222911f69c
                                                                                                                • Instruction Fuzzy Hash: 69E02270D063468FEBA0CF70CA267897BB0EB11208F208DAAC409CB601D13AC902C780
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D29A90 Relevance: .0, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 99eaf142ca84b44b7758b2b24655deb4517eb82ac2963be868c188314192dacd
                                                                                                                • Instruction ID: 9784d570d73cd83c2448f07d27e20280e7acf4ca6d7ccf5738223ce6c5cf9014
                                                                                                                • Opcode Fuzzy Hash: 99eaf142ca84b44b7758b2b24655deb4517eb82ac2963be868c188314192dacd
                                                                                                                • Instruction Fuzzy Hash: ADE0C2B0E1021AABEF50CFB6C955B5A73ADE71120CF2088A4E409CF200E136CA014780
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Non-executed Functions

                                                                                                                Function 06D2ACA8 Relevance: 13.0, Strings: 10, Instructions: 468COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-3623093008
                                                                                                                • Opcode ID: 53ebd6ac92b11cb701df330bdd0ea98be1b3e5ddcdd19873fb4ad8f272962e5d
                                                                                                                • Instruction ID: 658893cd046f9cc9c4a8a7e77631d86fc4bfd3b2c9e4c9a7059f29c10614d38b
                                                                                                                • Opcode Fuzzy Hash: 53ebd6ac92b11cb701df330bdd0ea98be1b3e5ddcdd19873fb4ad8f272962e5d
                                                                                                                • Instruction Fuzzy Hash: 17123E70E0122ACFDB64DF65C9546AEB7F2FF98305F24856AD409AB264DB709D81CF80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2DF40 Relevance: 10.2, Strings: 8, Instructions: 229COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-634254105
                                                                                                                • Opcode ID: 39b10d3fa630bf3582b3e861176f059f8c60854b54a8c8d31e2398cb2d49b3d7
                                                                                                                • Instruction ID: 2b676f7e97076cb7fe000d07b2c7ca55ce633ba9d8e9b9ac6c7c6a98acdf9001
                                                                                                                • Opcode Fuzzy Hash: 39b10d3fa630bf3582b3e861176f059f8c60854b54a8c8d31e2398cb2d49b3d7
                                                                                                                • Instruction Fuzzy Hash: 3891A070A0022ADFEF64DF65DA9477E77F6EF94308F248529E8069B294CB349D41CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2A6A8 Relevance: 9.2, Strings: 7, Instructions: 405COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .5|q$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-3447281907
                                                                                                                • Opcode ID: fd3474c869da2ca769f321827a28b8b686ad34668bb530e3d4a3475cc7ae4a7a
                                                                                                                • Instruction ID: 383b41d997a7f556c30f4e6a9b27d3dd224450329987de9232d125d7258700f0
                                                                                                                • Opcode Fuzzy Hash: fd3474c869da2ca769f321827a28b8b686ad34668bb530e3d4a3475cc7ae4a7a
                                                                                                                • Instruction Fuzzy Hash: 12F16E34B0121ACFDB65DFA8D494A6EB7B6FF98305F288568D4059B394CB35AC42CB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2B9E0 Relevance: 5.3, Strings: 4, Instructions: 282COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-185584874
                                                                                                                • Opcode ID: 84290f7db477f2c2fb5e82cfd68230dbd9c53a228723608b487e1fbb5ea1fce1
                                                                                                                • Instruction ID: f4b22d3077094fe7618bd220cc3f0240b63a4a44f0ac9da7e6f43566f8875d06
                                                                                                                • Opcode Fuzzy Hash: 84290f7db477f2c2fb5e82cfd68230dbd9c53a228723608b487e1fbb5ea1fce1
                                                                                                                • Instruction Fuzzy Hash: 8AB13130A0121A8FDB64DF68D5946AEB7F2FF94309F24846AD406DB355DBB5DC82CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2BDF8 Relevance: 5.2, Strings: 4, Instructions: 168COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LRdq$LRdq$$dq$$dq
                                                                                                                • API String ID: 0-340319088
                                                                                                                • Opcode ID: bdd667cd5bb97100c95d814a42565508bcfc6c700531ef88109e685319d48758
                                                                                                                • Instruction ID: 832c163cc11bbcc8fa1bb0fd99fc2c733a02539cc3f8e8ce2fed06db0b34c62f
                                                                                                                • Opcode Fuzzy Hash: bdd667cd5bb97100c95d814a42565508bcfc6c700531ef88109e685319d48758
                                                                                                                • Instruction Fuzzy Hash: 4451F430B002128FDB54DB28C994A6EB7F6FF98308F1485A9E515DF3A4DA71EC40CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Function 06D2E2C8 Relevance: 5.2, Strings: 4, Instructions: 159COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.2878077657.0000000006D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D20000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d20000_MSBuild.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $dq$$dq$$dq$$dq
                                                                                                                • API String ID: 0-185584874
                                                                                                                • Opcode ID: 2dd6b51f075a8e639d929949625644754a240b3d4542e44016cc39ad9f061d56
                                                                                                                • Instruction ID: 3f059731b197ba1c9ac69e2e2c0dc7e4ce779a5f609c932fb294f810f203515b
                                                                                                                • Opcode Fuzzy Hash: 2dd6b51f075a8e639d929949625644754a240b3d4542e44016cc39ad9f061d56
                                                                                                                • Instruction Fuzzy Hash: 4B51E130E112268FDF65DB68D5806AEB7F2FB98315F24856AD406EB394DB34DC42CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%